ACCORDING to CISA, the Known Exploited Vulnerabilities (KEV) Catalog lists CVE-2026-1340 as Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability, which could allow attackers to achieve unauthenticated remote code execution. The entry notes a related CWE of 94 and that the vulnerability is currently Unknown for being used in ransomware campaigns.
Action guidance in the KEV entry urges applying mitigations per Ivanti’s instructions, following relevant cloud service guidance, or discontinuing use of the product if mitigations are unavailable. The record shows a date added of 2026-04-08 and a due date of 2026-04-11. Additional notes encourage adherence to Ivanti’s exposure assessment and to check for signs of compromise across all affected Ivanti products, with links to vendor advisories and related updates.