The Endpoint Manager Mobile (EPMM) platform has been found to have two serious code-injection flaws, which are presently being actively used in actual attacks This article explores attacks cve 2026. . CVE-2026-1281 and CVE-2026-1340 are security flaws that enable unauthenticated attackers to remotely execute arbitrary code on susceptible systems. The vulnerabilities impact several versions of EPMM, including 12.5.0.0, 12.6.0.0, and 12.7.0.0, and have a maximum CVSS severity score of 9.8.

Ivanti's security advisory, which was released on January 29, 2026, states that at the time of disclosure, the company was aware of a small number of customer environments that had already been compromised. Verified Active Exploitation Code-injection flaws (CWE-94), which can be exploited without user interaction or authentication, are the source of both vulnerabilities.

Threat actors can easily and remotely compromise vulnerable EPMM instances thanks to the low-complexity, network-based attack vector. Attackers who successfully exploit a system have total control over its availability, confidentiality, and integrity. Description of the CVE Number CVSS Score CVSS Vector CWE CVE-2026-1281 Code injection that permits unauthenticated RCE 9.8 (Critical) AV:N/AC:L/PR:N/UI:CWE-94 CVE-2026-1340 N/S:U/C:H/I:H/A:H Unauthorized RCE 9.8 (Critical) AV:N/AC:L/PR:N/UI is made possible by code injection.CWE-94 N/S:U/C:H/I:H/A:H Ivanti has released version-specific RPM patches to address the security flaws.

Customers are waiting for the long-term solution, which is planned for version 12.8.0.0 in Q1 2026. The temporary patches don't affect feature functionality and don't require any system outages. However, following version upgrades, administrators need to reapply the RPM script.

Learn more about cybersecurity Artificial intelligence in web browsers Organizations running EPMM should immediately apply the version-specific RPM patches available through Ivanti’s support portal. RPM 12.x.0.x is needed by customers running versions 12.5.0.x through 12.7.0.x, and RPM 12.x.1.x should be used by those running versions 12.5.1.0 or 12.6.1.0. The business highlights that, depending on the deployed version, only one patch is required.

Ivanti recommends security-conscious organizations consider rebuilding EPMM environments and migrating data to replacement systems as the most conservative remediation approach. The company has provided technical analysis documentation with forensic guidance, though reliable indicators of compromise remain unavailable as investigations continue. Notably, other Ivanti products including Endpoint Manager (EPM), Neurons for MDM, and Sentry appliances are not affected by these vulnerabilities., LinkedIn, and X for daily cybersecurity updates.

To have your stories featured, get in touch with us.