THE U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added Ivanti EPMM to its Known Exploited Vulnerabilities catalog after it was found to contain CVE-2026-1281, a code injection flaw affecting Ivanti Endpoint Manager Mobile. The advisory notes the vulnerability carries a CVSS score of 9.8 and enables an unauthenticated attacker to achieve remote code execution.
The company said it is aware of attacks in the wild exploiting the flaw, while Ivanti and Sentry for MDM are not affected and cloud customers remain unaffected. Ivanti has released a patch and expanded customer support as the investigation continues.
According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, federal agencies must address the identified vulnerabilities by the due date to protect their networks, with CISA also urging private organisations to review the KEV Catalog and remediate.