IVANTI has issued emergency patches for two critical-severity EPMM vulnerabilities, tracked as CVE-2026-1281 and CVE-2026-1340, which are described as code injection flaws that unauthenticated attackers could exploit to achieve remote code execution. According to Ivanti, the flaws affect in-house application distribution and Android file transfer configuration features in Endpoint Manager Mobile and have been exploited in the wild as zero-days.
The company says that all EPMM versions up to 12.5.0[.]0, 12.6.0[.]0, 12.7.0[.]0, 12.5.1[.]0, and 12.6.1[.]0 are affected, and it has released RPM patches for 12.x, with guidance to reapply the RPM script after any update. Ivanti encourages customers to upgrade to version 12.8.0[.]0 once released in Q1 2026, after which reapplication of the RPM script should not be required.
CISA has added CVE-2026-1281 to its Known Exploited Vulnerabilities catalog, urging federal agencies to patch by 1 February, with the advisory noting limited exploitation and outlining potential attacker techniques such as web shells and reverse shells.