Find notable cyber news and cases, enriched with sources, timelines, and signals.

CISA KEV listing and FCEB patch order for Ivanti EPMM

Public Sector Action
First reported
Last updated
Happening score
H score 40
1 unique sources, 1 articles

Summary

Hide ▲

CISA added CVE-2026-1340 to the KEV Catalog and ordered FCEB agencies to patch Ivanti Endpoint Manager Mobile (EPMM) by Saturday midnight, April 11, forcing federal remediation of an exploited flaw that can enable unauthenticated remote code execution. The directive is tied to BOD 22-01 and raises the urgency for exposed federal systems running the vulnerable software. CISA also warned defenders that the issue is a frequent attack vector and advised rapid mitigation or discontinuation if mitigations are unavailable.

Related Happenings

CISA KEV remediation order for CVE-2026-48907

Public Sector Action
H score89 First: 17.06.2026 08:50 Last: 17.06.2026 08:50 Sources 1

About this happening: CISA added **CVE-2026-48907** to the **KEV catalog** and ordered **FCEB agencies** to apply fixes by **June 19, 2026**, forcing federal remediation of an **actively exploited** Jo...

CISA KEV order for FCEB agencies on LiteSpeed cPanel flaw

Public Sector Action
H score36 First: 16.06.2026 13:47 Last: 16.06.2026 13:47 Sources 1

About this happening: **CISA** added the **LiteSpeed cPanel user-end plugin** flaw to **KEV** and ordered **Federal Civilian Executive Branch agencies** to secure systems within **three days** under **...

CISA adds CVE-2026-20262 to KEV and orders federal fixes

Public Sector Action
H score32 First: 16.06.2026 09:05 Last: 16.06.2026 09:05 Sources 1

About this happening: **CISA** added **CVE-2026-20262** to its **Known Exploited Vulnerabilities (KEV) catalog** and required **Federal Civilian Executive Branch (FCEB)** agencies to apply Cisco's fixe...

CISA orders FCEB Ivanti Sentry remediation under BOD 26-04

Public Sector Action
H score36 First: 12.06.2026 11:26 Last: 12.06.2026 11:26 Sources 1

About this happening: **CISA** ordered **FCEB agencies** to secure **Ivanti Sentry** within **three days** after confirming **CVE-2026-10520** is being **actively exploited**, creating immediate remedi...

CISA BOD 26-04 remediation requirements

Advisory/Mitigation
H score31 First: 11.06.2026 15:46 Last: 11.06.2026 15:46 Sources 1

About this happening: CISA’s **Binding Operational Directive 26-04** forces **FCEB agencies** to speed up remediation of high-risk vulnerabilities, with some deadlines as short as **3 days** and new **...

Timeline

  1. 08.04.2026 21:15 1 articles · 3mo ago

    Ivanti patches EPMM zero-day abuse

    Mitigation Patch Update

    Ivanti releases security updates for Ivanti Endpoint Manager Mobile (EPMM) to patch CVE-2026-1340 and CVE-2026-1281 after confirming both bugs were abused in zero-day attacks, and says a very limited number of customers had been exploited at the time of disclosure.

    Show sources
  2. 08.04.2026 21:15 2 articles · 3mo ago

    CISA adds CVE-2026-1340 to KEV and orders federal patching

    Legal Policy Action Update

    CISA adds CVE-2026-1340 to the Known Exploited Vulnerabilities (KEV) Catalog and orders Federal Civilian Executive Branch (FCEB) agencies to patch Ivanti Endpoint Manager Mobile (EPMM) systems by Saturday midnight, April 11, under Binding Operational Directive (BOD) 22-01, while urging all defenders to prioritize patches or discontinue use if mitigations are unavailable.

    Show sources