CISA has added CVE‑2026‑1340 to its Known Exploited Vulnerabilities catalogue. The entry covers Ivanti Endpoint Manager Mobile (EPMM) and concerns the Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability. This flaw permits unauthenticated remote code execution.
The vulnerability is a code injection issue that can be triggered without authentication, allowing an attacker to execute arbitrary code on the affected server. It carries a CVSS v3.1 base score of 9.8, rated Critical. Ivanti has released a patch addressing the issue, with advisories available at https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340 and corresponding RPM packages. The flaw permits unauthenticated remote code execution, potentially leading to full system compromise.
Because the vulnerability is listed in the KEV catalogue, active exploitation has been confirmed in the wild. No public reports link this flaw to ransomware campaigns at present. CISA’s notes advise organisations to adhere to Ivanti's guidelines to assess exposure, check for signs of potential compromise on all internet‑accessible EPMM instances, and apply any final mitigations provided by the vendor as soon as possible. The agency has set a remediation deadline of 11 April 2026 for Federal Civilian Executive Branch agencies.
CISA’s required remediation action is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. While the directive binds Federal Civilian Executive Branch agencies, all organisations should review their exposure to EPMM, verify whether the patch has been applied, and implement any recommended mitigations or workaround steps outlined in the vendor’s security advisory.
For full details, consult the NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2026-1340 and the CISA KEV catalogue.