What's Happening?
Ivanti has announced the release of emergency patches for two critical vulnerabilities in its Endpoint Manager Mobile (EPMM) software. These vulnerabilities, identified as CVE-2026-1281 and CVE-2026-1340, have been actively exploited in the wild. Both are code injection issues that allow unauthenticated attackers to execute code remotely, potentially compromising sensitive information such as administrator and user details, as well as mobile device data. The affected versions include all EPMM iterations up to 12.5.0.0, 12.6.0.0, 12.7.0.0, 12.5.1.0, and 12.6.1.0. Ivanti has released specific RPM patches to address these issues and recommends upgrading to version 12.8.0.0 once available. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-1281 to its Known Exploited Vulnerabilities catalog, urging federal agencies to apply the patch by February 1.
Why It's Important?
The release of these patches is crucial for preventing potential data breaches and unauthorized access to sensitive information managed by EPMM. The vulnerabilities pose a significant risk to organizations using the affected software, as they could lead to unauthorized access and manipulation of critical data. The urgency of the situation is underscored by CISA's directive for federal agencies to patch the vulnerabilities promptly, highlighting the potential impact on national cybersecurity. Organizations that fail to apply these patches risk exposure to cyberattacks, which could result in data loss, operational disruptions, and financial damage.
What's Next?
Organizations using EPMM are advised to apply the released patches immediately and prepare for the upcoming version 12.8.0.0 to ensure long-term security. Ivanti recommends restoring compromised systems from known good backups and applying all necessary patches before reconnecting to the internet. Additionally, organizations should reset passwords for all related accounts and replace public certificates used by EPMM. CISA's inclusion of the vulnerability in its KEV catalog suggests that further monitoring and compliance efforts will be necessary to mitigate risks associated with these vulnerabilities.









