Code Injection Vulnerability in Ivanti Endpoint Manager Mobile
CVE-2026-1340
Key Information:
- Vendor: Ivanti
- Status
- Vendor
- CVE Published: 29 January 2026
What is CVE-2026-1340?
CVE-2026-1340 is a critical vulnerability in Ivanti Endpoint Manager Mobile, a software solution that helps organizations manage mobile devices and apps securely and efficiently. The vulnerability allows unauthenticated attackers to execute code remotely, compromising the integrity of systems that use this management tool. The implications for organizations can be severe: successful exploitation could lead to unauthorized access to sensitive data, manipulation of device configurations, and disruption of services. Given the pervasive use of mobile devices in corporate environments, this vulnerability presents a significant risk to enterprise security.
Potential impact of CVE-2026-1340
- Unauthorized Remote Code Execution: Attackers can exploit the vulnerability to gain control over affected systems, allowing them to execute arbitrary code. This can lead to further exploitation, installation of malicious software, or data theft.
- Data Breaches: Exploitation of this vulnerability can expose sensitive corporate data stored on mobile devices managed by Ivanti Endpoint Manager Mobile, potentially leading to severe financial and reputational damage.
- Service Disruption: The ability to manipulate or take control of mobile device management functionalities can disrupt normal operations, hinder productivity, and significantly affect the organization's ability to maintain secure mobile environments.
CISA has reported CVE-2026-1340
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2026-1340 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.
CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)
Endpoint Manager Mobile 12.x.1.x RPM
Endpoint Manager Mobile 12.x.0.x RPM
News Articles
CISA Warns of Critical Ivanti EPMM Code Injection Vulnerability Exploited in Attacks - IT Security News
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical security flaw in Ivanti Endpoint Manager Mobile (EPMM). The agency recently added this flaw, tracked as CVE-2026-1340, to its Known Exploited Vulnerabilities (KEV) catalog after…
2 days ago
CISA Warns of Critical Ivanti EPMM Code Injection Vulnerability Exploited in Attacks
CISA warns of an actively exploited CVE-2026-1340 flaw in Ivanti Endpoint Manager Mobile, now added to its KEV catalog.
2 days ago
CISA Issues Warning on Critical Ivanti EPMM Flaw Exploited in Ongoing Attacks - IT Security News
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a critical security flaw in Ivanti Endpoint Manager Mobile (EPMM). The agency recently added the vulnerability, identified as CVE-2026-1340, to its Known Exploited Vulnerabilities (KEV) catalog after…
2 days ago
EPSS Score
73% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 👾 Exploit known to exist
- 🦅 CISA Reported
- 📰 First article discovered by BleepingComputer
- Vulnerability published
- Vulnerability Reserved