Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Ivanti Endpoint Manager Mobile (EPMM) actively exploited code injection flaws (multiple vulnerabilities)

Vulnerability
First reported
Last updated
Happening score
H score 65
3 unique sources, 3 articles

Summary

Hide ▲

Ivanti Endpoint Manager Mobile (EPMM) is affected by two critical code-injection flawsCVE-2026-1281 and CVE-2026-1340 — that enable unauthenticated remote code execution and were exploited in zero-day attacks. Ivanti has released updates, and CISA added CVE-2026-1281 to the KEV catalog, making the issue urgent for exposed deployments.

Cases

Ivanti Endpoint Manager Mobile zero-day exploitation, European government breaches, and concentrated attack wave (5) Ivanti Endpoint Manager Mobile zero-day exploitation, European government breaches, and concentrated attack wave (5) Ivanti Endpoint Manager Mobile zero-day exploitation, European government breaches, and concentrated attack wave (5) Ivanti Endpoint Manager Mobile zero-day exploitation, European government breaches, and concentrated attack wave (5) Ivanti Endpoint Manager Mobile zero-day exploitation, European government breaches, and concentrated attack wave (5)

Related Happenings

CISA emergency patch deadline for Ivanti EPMM

Public Sector Action
First: 08.05.2026 15:16 Last: 08.05.2026 15:16 Sources 1

About this happening: CISA ordered **U.S. federal agencies** to patch **Ivanti EPMM** by **midnight Sunday, May 10** after adding **CVE-2026-6973** to its list of vulnerabilities exploited in attacks....

Open Happening

Ivanti EPMM zero-day remote code execution (CVE-2026-6973)

Vulnerability
First: 07.05.2026 18:20 Last: 07.05.2026 18:20 Sources 1

About this happening: Ivanti's disclosure of **CVE-2026-6973** puts **Endpoint Manager Mobile (EPMM)** customers on alert for a **zero-day remote code execution** flaw that can let authenticated admins...

Latest development: 07.05.2026 20:55

The U.S. Cybersecurity and Infrastructure Security Agency added CVE-2026-6973 to its Known Exploited Vulnerabilities (KEV) catalog and required Federal Civilian Executive Branch agencies to apply the fixes by May 10, 2026.

Open Happening

NIST CVE/NVD prioritization shift

Public Sector Action
First: 17.04.2026 00:47 Last: 17.04.2026 00:47 Sources 1

About this happening: **NIST** is **changing** its **CVE/NVD prioritization** so that, starting **April 15, 2026**, it will provide full details only for a **subset of CVEs**. The shift matters because...

Open Happening

CISA KEV listing and FCEB patch order for Ivanti EPMM

Public Sector Action
First: 08.04.2026 21:15 Last: 08.04.2026 21:15 Sources 1

How related: On Monday, the U.S. Cybersecurity and Infrastructure Security Agency added the vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog and ordered Federal Civilian Executive Branch (FCEB) agencies to patch their EPMM systems by Saturday midnight, April 11, as mandated by Binding Operational Directive (BOD) 22-01.

About this happening: **CISA** added **CVE-2026-1340** to the **KEV Catalog** and ordered **FCEB agencies** to patch **Ivanti Endpoint Manager Mobile (EPMM)** by **Saturday midnight, April 11**, forcin...

Open Happening

CISA KEV order for CVE-2026-3055 on Citrix appliances

Public Sector Action
First: 31.03.2026 10:05 Last: 31.03.2026 10:05 Sources 1

About this happening: CISA added **CVE-2026-3055** to the **KEV Catalog** and ordered **FCEB agencies** to secure **Citrix NetScaler** appliances by **Thursday, April 2**, turning an **actively exploit...

Open Happening

Timeline

  1. 08.04.2026 21:15 1 articles · 1mo ago

    CISA orders federal agencies to patch Ivanti EPMM CVE-2026-1340

    Legal Policy Action Update

    CISA added CVE-2026-1340 to the Known Exploited Vulnerabilities (KEV) Catalog and ordered Federal Civilian Executive Branch agencies to patch Ivanti Endpoint Manager Mobile (EPMM) systems by Saturday midnight, April 11, under Binding Operational Directive (BOD) 22-01. CISA also urged defenders in the private sector to prioritize patches for the critical code-injection flaw affecting Internet-exposed, unpatched EPMM appliances.

    Show sources
    Open in new tab
  2. 13.02.2026 00:05 1 articles · 3mo ago

    Ivanti EPMM exploitation spreads across European government targets

    Campaign Scope Update

    Attacks tied to Ivanti Endpoint Manager Mobile (EPMM) hit the European Commission, Valtori, and agencies of the Dutch and Finnish governments, with the European Commission's central infrastructure managing mobile devices disrupted for nine hours and Valtori reporting leaked names, email addresses, phone numbers, and other device details for about 50,000 people. Researchers also tracked a later Feb. 9 spike in attempted attacks, while watchTowr publicly described a proof-of-concept exploit and Greynoise traced most of the spike to a single bulletproof-hosting IP address.

    Show sources
    Open in new tab
  3. 30.01.2026 06:43 2 articles · 3mo ago

    Ivanti discloses exploited EPMM code-injection flaws

    Initial Disclosure

    Ivanti disclosed security updates for Ivanti Endpoint Manager Mobile (EPMM) after identifying CVE-2026-1281 and CVE-2026-1340, two critical CVSS 9.8 code-injection flaws that can allow unauthenticated remote code execution. Ivanti said a very limited number of customers had been exploited at the time of disclosure, that the flaws affect the In-House Application Distribution and Android File Transfer Configuration features, and that they do not affect Ivanti Neurons for MDM, Ivanti Endpoint Manager (EPM), or Ivanti Sentry. Administrators were told to review Apache access logs at /var/log/httpd/https-access_log for attempted or successful exploitation, inspect administrator and configuration changes, and apply the fixed RPM 12.x.0.x or RPM 12.x.1.x updates; CISA added CVE-2026-1281 to the KEV catalog and required Federal Civilian Executive Branch agencies to apply the updates by February 1, 2026.

    Show sources
    Open in new tab