CVE-2026-1340: A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Description

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Affected Products

Vendor	Product	Versions
ivanti	endpoint_manager_mobile	—

References

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340

Related News (2 articles)

Tier D

BleepingComputer3h ago

CISA orders feds to patch exploited Ivanti EPMM flaw by Sunday

→ No new info (linked only)

Tier B

CCCS Canada3h ago

Ivanti security advisory (AV26-068) – Update 2

→ No new info (linked only)

CVSS 3.19.8 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA KEV✅ Yes

Actively exploited✅ Yes

Patch available

12.x.1.x RPM12.x.0.x RPM

CWECWE-94

PublishedJan 29, 2026

Last enriched3h agov2

Trending Score139🔥

Source articles2

Independent2

Info Completeness10/14

Missing: epss, exploit, iocs, mitre_attack

Community Vote

Version History

Last enriched 3h ago

v2Tier B3h ago

Added affected versions 12.5.0.0, 12.6.0.0, 12.7.0.0, 12.5.1.0, and 12.6.1.0, and marked exploit as available.

affectedVersions

via CCCS Canada

v17d ago

Initial creation

CVE-2026-1340: A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Description

Affected Products

References

Related News (2 articles)

Community Vote

Related CVEs (4)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History