ACCORDING to Ivanti, attackers are actively exploiting critical vulnerabilities in its Endpoint Manager Mobile (EPMM), with two flaws carrying a maximum CVSS score of 9.8. The vulnerabilities, CVE-2026-1281 and CVE-2026-1340, allow unauthenticated remote code execution by injecting code into Ivanti EPMM Mobile, a flaw described as unauthenticated and thus reachable without credentials.
Ivanti notes that the exploitation is not merely theoretical but involves a very limited number of customers at disclosure, underscoring real-world risk to mobile device management infrastructure. The advisory emphasises that the impact is specific to EPMM and does not affect other Ivanti products or Ivanti cloud offerings, such as Ivanti Neurons for MDM. Administrators are advised to revoke previously generated user certificates and regenerate them using admin-driven actions from the EPMM product.
With active exploitation confirmed, patching windows are effectively closed, and organisations are urged to apply updates immediately to reduce the chance of compromise. 30 January 2026.