Vulnerability intelligence
CVE-2026-1340
Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
CVSS Score
9.8
Critical
EPSS — Exploit Probability
74%
Riskier than 99% of all CVEs
Exploitation
Confirmed in the wild
Used in ransomware campaigns
Remediation
Patch available
Federal deadline 2026-04-11
CISA required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Deadline for federal agencies: 2026-04-11.
4 articles across 4 outlets · first covered Apr 8, 2026 · latest May 8, 2026
Coverage timeline
-
Ivanti patches EPMM zero day CVE-2026-6973 after targeted attackswww.securityweek.com · May 8, 2026
-
CISA adds critical Ivanti EPMM flaw to KEV after PoC releasesecurityaffairs.com · Apr 8, 2026
-
CISA Flags CVE-2026-1340 in Ivanti EPMM, Orders Rapid Patchwww.cisa.gov · Apr 8, 2026
-
CISA warns of Ivanti EPMM flaw enabling remote code executioncisa.gov · Apr 8, 2026