Critical Ivanti EPMM Vulnerabilities: CVE-2026-1281 & CVE-2026-1340

In late January 2026 CISA added CVE-2026-1281 and CVE-2026-1340—critical, actively exploited vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM). Attackers send HTTP GET requests with embedded bash commands to /mifs/c/aftstore/fob/ and /mifs/c/appstore/fob/, producing a distinctive 404 response signature; the report provides a detection regex, IOCs, post-exploitation indicators, and urgent remediation steps including patching, off-box log forwarding, isolation, and credential rotation.