Code Injection Vulnerability in Ivanti Endpoint Manager Mobile
CVE-2026-1340

9.8CRITICAL

Key Information:

Vendor: Ivanti
Status: Endpoint Manager Mobile
Vendor: CVE Published:; 29 January 2026

What is CVE-2026-1340?

A severe code injection vulnerability has been identified in Ivanti Endpoint Manager Mobile, which can potentially allow attackers to execute arbitrary code remotely without authentication. This issue poses a significant security risk, as it could lead to unauthorized access and manipulation of sensitive data across affected systems. Administrators are advised to review security advisories and update to the latest versions to mitigate this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Endpoint Manager Mobile 12.x.1.x RPM

Endpoint Manager Mobile 12.x.0.x RPM

References

https://forums.ivanti.com/s/article/Security-Advisory-Iva...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 29, 2026
Vulnerability Reserved
Jan 22, 2026

JSON

Ivanti

What is CVE-2026-1340?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.