CISA KEV listing and FCEB patch order for Ivanti EPMM
Public Sector Action
Summary
Hide ▲
Show ▼
CISA added CVE-2026-1340 to the KEV Catalog and ordered FCEB agencies to patch Ivanti Endpoint Manager Mobile (EPMM) by Saturday midnight, April 11, forcing federal remediation of an exploited flaw that can enable unauthenticated remote code execution. The directive is tied to BOD 22-01 and raises the urgency for exposed federal systems running the vulnerable software. CISA also warned defenders that the issue is a frequent attack vector and advised rapid mitigation or discontinuation if mitigations are unavailable.
Related Happenings
CISA KEV remediation order for CVE-2026-48907
Public Sector Action
H score89
First: 17.06.2026 08:50
Last: 17.06.2026 08:50
Sources 1
About this happening:
CISA added **CVE-2026-48907** to the **KEV catalog** and ordered **FCEB agencies** to apply fixes by **June 19, 2026**, forcing federal remediation of an **actively exploited** Jo...
CISA KEV remediation order for CVE-2026-48907
Public Sector ActionAbout this happening: CISA added **CVE-2026-48907** to the **KEV catalog** and ordered **FCEB agencies** to apply fixes by **June 19, 2026**, forcing federal remediation of an **actively exploited** Jo...
CISA KEV order for FCEB agencies on LiteSpeed cPanel flaw
Public Sector Action
H score36
First: 16.06.2026 13:47
Last: 16.06.2026 13:47
Sources 1
About this happening:
**CISA** added the **LiteSpeed cPanel user-end plugin** flaw to **KEV** and ordered **Federal Civilian Executive Branch agencies** to secure systems within **three days** under **...
CISA KEV order for FCEB agencies on LiteSpeed cPanel flaw
Public Sector ActionAbout this happening: **CISA** added the **LiteSpeed cPanel user-end plugin** flaw to **KEV** and ordered **Federal Civilian Executive Branch agencies** to secure systems within **three days** under **...
CISA adds CVE-2026-20262 to KEV and orders federal fixes
Public Sector Action
H score32
First: 16.06.2026 09:05
Last: 16.06.2026 09:05
Sources 1
About this happening:
**CISA** added **CVE-2026-20262** to its **Known Exploited Vulnerabilities (KEV) catalog** and required **Federal Civilian Executive Branch (FCEB)** agencies to apply Cisco's fixe...
CISA adds CVE-2026-20262 to KEV and orders federal fixes
Public Sector ActionAbout this happening: **CISA** added **CVE-2026-20262** to its **Known Exploited Vulnerabilities (KEV) catalog** and required **Federal Civilian Executive Branch (FCEB)** agencies to apply Cisco's fixe...
CISA orders FCEB Ivanti Sentry remediation under BOD 26-04
Public Sector Action
H score36
First: 12.06.2026 11:26
Last: 12.06.2026 11:26
Sources 1
About this happening:
**CISA** ordered **FCEB agencies** to secure **Ivanti Sentry** within **three days** after confirming **CVE-2026-10520** is being **actively exploited**, creating immediate remedi...
CISA orders FCEB Ivanti Sentry remediation under BOD 26-04
Public Sector ActionAbout this happening: **CISA** ordered **FCEB agencies** to secure **Ivanti Sentry** within **three days** after confirming **CVE-2026-10520** is being **actively exploited**, creating immediate remedi...
CISA BOD 26-04 remediation requirements
Advisory/Mitigation
H score31
First: 11.06.2026 15:46
Last: 11.06.2026 15:46
Sources 1
About this happening:
CISA’s **Binding Operational Directive 26-04** forces **FCEB agencies** to speed up remediation of high-risk vulnerabilities, with some deadlines as short as **3 days** and new **...
CISA BOD 26-04 remediation requirements
Advisory/MitigationAbout this happening: CISA’s **Binding Operational Directive 26-04** forces **FCEB agencies** to speed up remediation of high-risk vulnerabilities, with some deadlines as short as **3 days** and new **...
Timeline
-
08.04.2026 21:15 1 articles · 3mo ago
Ivanti patches EPMM zero-day abuse
Mitigation Patch UpdateIvanti releases security updates for Ivanti Endpoint Manager Mobile (EPMM) to patch CVE-2026-1340 and CVE-2026-1281 after confirming both bugs were abused in zero-day attacks, and says a very limited number of customers had been exploited at the time of disclosure.
Show sources
- CISA orders feds to patch exploited Ivanti EPMM flaw by Sunday — www.bleepingcomputer.com — 08.04.2026 21:15
-
08.04.2026 21:15 2 articles · 3mo ago
CISA adds CVE-2026-1340 to KEV and orders federal patching
Legal Policy Action UpdateCISA adds CVE-2026-1340 to the Known Exploited Vulnerabilities (KEV) Catalog and orders Federal Civilian Executive Branch (FCEB) agencies to patch Ivanti Endpoint Manager Mobile (EPMM) systems by Saturday midnight, April 11, under Binding Operational Directive (BOD) 22-01, while urging all defenders to prioritize patches or discontinue use if mitigations are unavailable.
Show sources
- CISA orders feds to patch exploited Ivanti EPMM flaw by Sunday — www.bleepingcomputer.com — 08.04.2026 21:15
- CISA orders feds to patch exploited Ivanti EPMM flaw by Sunday — www.bleepingcomputer.com — 08.04.2026 21:15