Code Injection Vulnerability in Ivanti Endpoint Manager Mobile
CVE-2026-1281

9.8CRITICAL

Key Information:

Vendor

Ivanti
Status
Endpoint Manager Mobile
Vendor
CVE Published:
29 January 2026

Badges

πŸ”₯ Trending nowπŸ₯‡ Trended No. 1πŸ“ˆ TrendedπŸ“ˆ Score: 7,040πŸ‘Ύ Exploit Exists🟣 EPSS 43%πŸ¦… CISA Reported

What is CVE-2026-1281?

CVE-2026-1281 is a severe code injection vulnerability identified in Ivanti Endpoint Manager Mobile, a product designed to help organizations manage and secure their mobile devices and applications. This vulnerability permits attackers to perform unauthenticated remote code execution, meaning they can execute arbitrary code on affected systems without needing valid credentials. Given the critical role that Ivanti Endpoint Manager Mobile plays in managing corporate mobile environments, the exploitation of this vulnerability could lead to significant disruptions, unauthorized data access, and potential loss of sensitive information. Organizations relying on this software may face operational risks and reputational damage as a consequence of such security breaches.

Potential impact of CVE-2026-1281

  1. Unauthorized Remote Code Execution: Attackers exploiting this vulnerability can execute arbitrary code remotely, gaining full control over the affected device and its associated applications. This could enable them to manipulate, steal, or alter data, leading to severe data breaches.

  2. Widespread System Compromise: Given that Ivanti Endpoint Manager Mobile is used widely across various organizations to manage mobile device fleets, the successful exploitation of this vulnerability could allow adversaries to compromise multiple systems within an organization concurrently, amplifying the scale of the attack.

  3. Operational Disruption and Downtime: The ability to execute code remotely may disrupt the normal operations of mobile management processes, causing significant downtime and resource drain as organizations work to remediate the vulnerability and mitigate its effects. This could lead to a financial burden and impact overall business continuity.

CISA has reported CVE-2026-1281

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2026-1281 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Endpoint Manager Mobile 12.x.1.x RPM

Endpoint Manager Mobile 12.x.1.x RPM

Endpoint Manager Mobile 12.x.0.x RPM

References

https://forums.ivanti.com/s/article/Security-Advisory-Iva...

EPSS Score

43% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • πŸ₯‡

    Vulnerability reached the number 1 worldwide trending spot

  • πŸ“ˆ

    Vulnerability started trending

  • πŸ‘Ύ

    Exploit known to exist

  • πŸ¦…

    CISA Reported

  • Vulnerability published

  • Vulnerability Reserved

JSON
.