2026-001: Critical vulnerabilities in Ivanti EPMM

Ivanti and CERT-EU published an advisory on 29 January 2026 describing two critical code-injection vulnerabilities (CVE-2026-1281 and CVE-2026-1340) in Ivanti Endpoint Manager Mobile (EPMM) with CVSS 9.8 that allow unauthenticated remote code execution; one vulnerability has been exploited in a limited number of cases. Affected versions include 12.5.1.0 and prior, 12.6.1.0 and prior, and 12.7.0.0 and prior; CERT-EU recommends preserving forensic evidence and applying the vendor hotfix (RPM 12.x.0 or 12.x.1), noting the RPM must be reapplied after upgrades and that a permanent fix is planned in 12.8.0.0.