Ivanti has disclosed two serious flaws in Endpoint Manager Mobile (EPMM) that could enable unauthenticated remote code execution. With a maximum CVSS severity score of 9.8, the vulnerabilities, tracked as CVE-2026-1281 and CVE-2026-1340, both result from code injection problems and pose a serious risk to impacted deployments.

Overview of Vulnerabilities

On susceptible EPMM instances, both vulnerabilities allow attackers to run arbitrary code without authentication. All that is needed for the attack is network access; neither extra privileges nor user interaction are required. The active threat posed by these flaws is highlighted by Ivanti's confirmation that a small number of customers had already been exploited at the time of disclosure.

Interestingly, the vulnerabilities are specific to EPMM and do not affect other Ivanti products, such as cloud-based solutions like Ivanti Endpoint Manager (EPM) or Neurons for MDM. These specific vulnerabilities do not affect customers who use Ivanti cloud products with Sentry integration.

CVE ID: CVE-2026-1281, CVE-2026-1340
CVSS Score: 9.8 (Critical)
CVSS Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-94
Impact: Unauthenticated RCE

Several EPMM versions are affected, including 12.5.0.0, 12.6.0.0, 12.7.0.0, 12.5.1.0, and 12.6.1.0.

RPM patch files tailored to each version track have been made available by Ivanti. RPM 12.x.0.x should be used by organizations using versions 12.5.0.x, 12.6.0.x, or 12.7.0.x; RPM 12.x.1.x is necessary for those using versions 12.5.1.0 or 12.6.1.0. The patches don't affect system functionality and can be installed without any downtime.

Organizations that upgrade after applying the RPM patch will need to reinstall it, because the patch does not persist across version upgrades. Installation requires prefixing credentials directly in the RPM URL. EPMM version 12.8.0.0, which is anticipated in Q1 2026, will include the permanent fix.
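The patch-track rules above can be turned into an inventory triage. The following is an added example, not Ivanti tooling or code from the original article; the host names and the `version` / `rpm_applied_on` fields are hypothetical, and treating releases later than 12.8.0.0 as fixed is an assumption.

```python
# Added example: triage an EPMM inventory against the patch tracks named in the article.
import re

# Release the article says carries the permanent fix; treating later
# releases as fixed too is an assumption of this example.
FIXED_FROM = (12, 8, 0, 0)

def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a dotted 4-part version."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(g) for g in m.groups()) if m else None

def rpm_track(version):
    """Map a parsed version to the RPM track the article assigns it, else None."""
    major, minor, patch, build = version
    if major == 12 and patch == 0 and minor in (5, 6, 7):
        return "RPM 12.x.0.x"          # 12.5.0.x, 12.6.0.x, 12.7.0.x
    if major == 12 and patch == 1 and build == 0 and minor in (5, 6):
        return "RPM 12.x.1.x"          # 12.5.1.0, 12.6.1.0
    return None

def triage(host):
    """host: dict with 'version' and optional 'rpm_applied_on' (version at patch time)."""
    current = parse_version(host.get("version") or "")
    if current is None:
        return "unparseable version: verify manually"
    if current >= FIXED_FROM:
        return "permanent fix included"
    track = rpm_track(current)
    if track is None:
        return "version not listed in article: check vendor advisory"
    applied = parse_version(host.get("rpm_applied_on") or "")
    if applied is None:
        return f"apply {track}"
    if applied != current:
        # The RPM patch does not survive a version upgrade.
        return f"reapply {track} (upgraded since patch)"
    return f"{track} applied"

# Constructed sample inventory (hypothetical hosts and field names).
INVENTORY = [
    {"name": "epmm-a", "version": "12.5.0.2"},
    {"name": "epmm-b", "version": "12.6.1.0", "rpm_applied_on": "12.6.1.0"},
    {"name": "epmm-c", "version": "12.7.0.0", "rpm_applied_on": "12.6.0.1"},
    {"name": "epmm-d", "version": "12.8.0.0"},
    {"name": "epmm-e", "version": "12.4.0.3"},
]

if __name__ == "__main__":
    for host in INVENTORY:
        print(f"{host['name']:8} {host['version']:10} {triage(host)}")
```
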

To avoid the need for frequent RPM reapplication, organizations should give priority to updating to this version as soon as it is released. For organizations that demand the highest level of security posture, Ivanti suggests rebuilding the entire EPMM appliance and migrating data, which avoids the need for device re-enrollment. Although it necessitates more operational work, this method is the most thorough remediation strategy. Patching should be a top priority for organizations that oversee EPMM infrastructure.

These vulnerabilities are extremely critical because they can be exploited without authentication, require no user interaction, and have been confirmed to be actively exploited.
