Critical Unauthenticated RCE in Ivanti Endpoint Manager Mobile (CVE-2026-1340) Added to CISA KEV Catalog
What It Is — A critical code‑injection flaw in Ivanti Endpoint Manager Mobile (EPMM) that enables unauthenticated remote code execution. CVSS 9.8.
Exploitability — Actively exploited in the wild; a proof‑of‑concept was released shortly after disclosure. The vulnerability is now listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog.
Affected Products — Ivanti Endpoint Manager Mobile versions 12.5.0.0 and earlier, 12.5.1.0 and earlier, 12.6.0.0 and earlier, 12.6.1.0 and earlier, 12.7.0.0 and earlier (RPM 12.x series).
TPRM Impact — Organizations that rely on Ivanti EPMM for device management face a supply‑chain risk: a compromised manager can execute arbitrary code on managed endpoints, potentially exposing corporate data and disrupting operations.
Recommended Actions —
- Apply Ivanti’s patch (12.6.0.0+, 12.6.1.0+, 12.7.0.0+).
- Deploy the Ivanti Exploitation Detection RPM and review generated logs.
- Conduct a forensic review of any pre‑patch alerts.
- Update internal asset inventories to reflect the patched version.
- For federal agencies, meet the CISA remediation deadline of 11 April 2026.
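One way to act on the patch and inventory steps above, as an added example that is not from this page or from Ivanti: a small Python triage that compares each inventoried EPMM host's build against a per-branch fixed-build table. The fixed builds in the table are labelled placeholders (the version lists on this page overlap, so take the real values from Ivanti's advisory), the sample inventory is constructed, and versions are compared numerically because string comparison would order 12.10.0.0 before 12.6.0.0.

```python
"""Flag Ivanti EPMM hosts still below the build that fixes CVE-2026-1340.

Added example, not Ivanti code. The fixed builds below are PLACEHOLDERS
(constructed); replace them with the builds named in Ivanti's advisory.
"""

# Release branch (first three components) -> first fixed build on it. PLACEHOLDERS.
PLACEHOLDER_FIXED_BUILDS = {"12.6.0": "12.6.0.9", "12.6.1": "12.6.1.9", "12.7.0": "12.7.0.9"}


def parse_version(version: str) -> tuple[int, ...]:
    """Numeric tuple: string comparison would sort 12.10.0.0 before 12.6.0.0."""
    parts = tuple(int(p) for p in version.strip().split("."))
    if len(parts) != 4:
        raise ValueError(f"expected four dotted components, got {version!r}")
    return parts


def branch_of(version: str) -> str:
    """12.6.1.3 -> 12.6.1"""
    return ".".join(version.strip().split(".")[:3])


def triage(inventory: list[tuple[str, str]], fixed_builds: dict[str, str]) -> list[tuple[str, str, str]]:
    """Return (host, version, status) with status in patched/vulnerable/unsupported-branch."""
    findings = []
    for host, version in inventory:
        fixed = fixed_builds.get(branch_of(version))
        if fixed is None:
            status = "unsupported-branch"  # e.g. 12.5.x: no fixed build, move to a fixed branch
        elif parse_version(version) >= parse_version(fixed):
            status = "patched"
        else:
            status = "vulnerable"
        findings.append((host, version, status))
    return findings


def hosts_needing_action(findings: list[tuple[str, str, str]]) -> list[str]:
    """Hosts to patch or re-platform; these drive the asset-inventory update."""
    return [host for host, _, status in findings if status != "patched"]


# Constructed sample inventory (not real hosts); run the module to see the verdicts.
SAMPLE_INVENTORY = [("mdm-a", "12.7.0.2"), ("mdm-b", "12.7.0.10"), ("mdm-c", "12.5.1.0")]
if __name__ == "__main__":
    for host, version, status in triage(SAMPLE_INVENTORY, PLACEHOLDER_FIXED_BUILDS):
        print(f"{host}: {version} -> {status}")
```

Hosts reported as vulnerable or unsupported-branch are the ones the patch and inventory steps apply to; the Exploitation Detection RPM review is a separate step the script does not replace.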
Source: Security Affairs