Code Injection Vulnerability in Ivanti Endpoint Manager Mobile
CVE-2026-1281

9.8CRITICAL

Key Information:

Vendor: Ivanti
Status: Endpoint Manager Mobile
Vendor: CVE Published:; 29 January 2026

What is CVE-2026-1281?

Ivanti Endpoint Manager Mobile is susceptible to a code injection vulnerability that can enable attackers to conduct unauthenticated remote code execution. This vulnerability poses a significant risk as it allows unauthorized users to execute arbitrary commands on the system, potentially compromising sensitive data and system integrity. Organizations using Ivanti Endpoint Manager Mobile should review their instances of the software and implement the necessary patches or mitigations outlined by Ivanti to protect against potential exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Endpoint Manager Mobile 12.x.1.x RPM

Endpoint Manager Mobile 12.x.0.x RPM

References

https://forums.ivanti.com/s/article/Security-Advisory-Iva...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 29, 2026
Vulnerability Reserved
Jan 21, 2026

JSON

Ivanti

What is CVE-2026-1281?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.