Ivanti security patch release for CVE-2026-1281
Security Patch Release
Summary
Hide ▲
Show ▼
Ivanti released security updates for Ivanti Endpoint Manager Mobile (EPMM) after disclosure of two critical zero-day flaws that can enable unauthenticated remote code execution. The patch set covers CVE-2026-1281 and CVE-2026-1340 on affected EPMM 12.5.0.0 and prior, 12.6.0.0 and prior, 12.7.0.0 and prior, with a permanent fix planned for 12.8.0.0. CISA also added CVE-2026-1281 to the KEV catalog, making timely remediation especially urgent.
Cases
Related Happenings
Kandji security patch release for CVE-2026-39118
Security Patch Release
H score17
First: 25.06.2026 14:00
Last: 25.06.2026 14:00
Sources 1
About this happening:
Kandji fixed its **MDM agent** on **macOS** and assigned **CVE-2026-39118** after validation showed a trust issue that could let a standard user disable enterprise security contro...
Kandji security patch release for CVE-2026-39118
Security Patch ReleaseAbout this happening: Kandji fixed its **MDM agent** on **macOS** and assigned **CVE-2026-39118** after validation showed a trust issue that could let a standard user disable enterprise security contro...
CISA BOD 26-04 remediation requirements
Advisory/Mitigation
H score31
First: 11.06.2026 15:46
Last: 11.06.2026 15:46
Sources 1
About this happening:
CISA’s **Binding Operational Directive 26-04** forces **FCEB agencies** to speed up remediation of high-risk vulnerabilities, with some deadlines as short as **3 days** and new **...
CISA BOD 26-04 remediation requirements
Advisory/MitigationAbout this happening: CISA’s **Binding Operational Directive 26-04** forces **FCEB agencies** to speed up remediation of high-risk vulnerabilities, with some deadlines as short as **3 days** and new **...
Ghost CMS CVE-2026-26980 ClickFix campaign
Campaign
H score42
First: 24.05.2026 17:12
Last: 24.05.2026 17:12
Sources 1
About this happening:
A **large-scale campaign** is exploiting **CVE-2026-26980** in **Ghost CMS** to plant malicious JavaScript and drive **ClickFix** lure pages, putting exposed sites and their visit...
Ghost CMS CVE-2026-26980 ClickFix campaign
CampaignAbout this happening: A **large-scale campaign** is exploiting **CVE-2026-26980** in **Ghost CMS** to plant malicious JavaScript and drive **ClickFix** lure pages, putting exposed sites and their visit...
Ivanti security patch release for CVE-2026-8043
Security Patch Release
H score25
First: 18.05.2026 13:54
Last: 18.05.2026 13:54
Sources 1
About this happening:
**Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...
Ivanti security patch release for CVE-2026-8043
Security Patch ReleaseAbout this happening: **Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...
CISA emergency patch deadline for Ivanti EPMM
Public Sector Action
H score40
First: 08.05.2026 15:16
Last: 08.05.2026 15:16
Sources 1
About this happening:
CISA ordered **U.S. federal agencies** to patch **Ivanti EPMM** by **midnight Sunday, May 10** after adding **CVE-2026-6973** to its list of vulnerabilities exploited in attacks....
CISA emergency patch deadline for Ivanti EPMM
Public Sector ActionAbout this happening: CISA ordered **U.S. federal agencies** to patch **Ivanti EPMM** by **midnight Sunday, May 10** after adding **CVE-2026-6973** to its list of vulnerabilities exploited in attacks....
Timeline
-
13.02.2026 00:05 1 articles · 4mo ago
Ivanti EPMM attacks hit European Commission and government agencies
Campaign Scope UpdateReported on Feb. 12, 2026, attacks tied to Ivanti Endpoint Manager Mobile (EPMM) had struck the European Commission and agencies of the Dutch and Finnish governments after Ivanti disclosed CVE-2026-1281 and CVE-2026-1340 on Jan. 29. The European Commission said its central infrastructure managing mobile devices was hit on Jan. 30, with staff names and mobile numbers compromised, while Valtori said an attack of the same nature affected around 50,000 people associated with Finland's central government and leaked names, email addresses, phone numbers, and other device details.
Show sources
- Ivanti EPMM Zero-Day Bugs Spark Exploit Frenzy — Again — www.darkreading.com — 13.02.2026 00:05
-
30.01.2026 06:43 2 articles · 5mo ago
Ivanti releases EPMM fixes for two zero-day RCE flaws
Mitigation Patch UpdateIvanti released security updates for Ivanti Endpoint Manager Mobile (EPMM) after two critical code-injection flaws, CVE-2026-1281 and CVE-2026-1340, were exploited in zero-day attacks. The issues allow unauthenticated remote code execution in the In-House Application Distribution and Android File Transfer Configuration features, affect EPMM 12.5.0.0 and prior, 12.6.0.0 and prior, 12.7.0.0 and prior, and are fixed in RPM 12.x.0.x and RPM 12.x.1.x, with a permanent fix planned for EPMM 12.8.0.0 in Q1 2026.
Show sources
- Two Ivanti EPMM Zero-Day RCE Flaws Actively Exploited, Security Updates Released — thehackernews.com — 30.01.2026 06:43
- Two Ivanti EPMM Zero-Day RCE Flaws Actively Exploited, Security Updates Released — thehackernews.com — 30.01.2026 06:43
-
30.01.2026 06:43 2 articles · 5mo ago
CISA adds CVE-2026-1281 to the KEV catalog
Legal Policy Action UpdateCISA added CVE-2026-1281 to the Known Exploited Vulnerabilities (KEV) catalog, and Federal Civilian Executive Branch (FCEB) agencies must apply the updates by February 1, 2026. The policy action raises remediation urgency for Ivanti Endpoint Manager Mobile (EPMM) deployments exposed to the actively exploited zero-day flaw.
Show sources
- Two Ivanti EPMM Zero-Day RCE Flaws Actively Exploited, Security Updates Released — thehackernews.com — 30.01.2026 06:43
- CISA orders feds to patch exploited Ivanti EPMM flaw by Sunday — www.bleepingcomputer.com — 08.04.2026 21:15