CVE-2026-1281, CVE-2026-1340: Ivanti Endpoint Manager Mobile (EPMM) Zero-Day Vulnerabilities Exploited
ID: 12af2349-79ab-5bc9-ab86-258719437b8c
STIX ID: report--12af2349-79ab-5bc9-ab86-258719437b8c
Feed Name: Tenable Blog
Threat Score
Ivanti disclosed two critical RCE vulnerabilities (CVE-2026-1281 and CVE-2026-1340) in Endpoint Manager Mobile that have been exploited in a very limited number of in-the-wild attacks; both are CVSS 9.8, a public PoC exists, and Ivanti issued temporary RPM mitigations pending a permanent fix in the forthcoming 12.8.0.0 release.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.