Andere informatie en diensten van de overheid: www.belgium.be Centre for Cybersecurity Belgium
search

Warning: Remote Code Execution in Ivanti EPMM Endpoint Manager Mobile, Patch Immediately!

Image
Decorative image
Gepubliceerd : 30/01/2026
  • Last update: 30/01/2026
  • Affected software: EPMM Endpoint Manager Mobile versions 12.7.0.0, 12.6.0.0, 12.5.0.0, and prior
  • Type: Remote Code Execution
  • CVE/CVSS
    → CVE-2026-1340: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

    → CVE-2026-1281: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Sources

Ivanti - https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340?language=en_US

Risks

Newly discovered vulnerabilities in Ivanti EPMM Endpoint Manager Mobile allows attackers to execute unauthorized code, potentially exposing sensitive company data and disrupting operations.

EPMM is a Unified Endpoint Management (UEM) platform designed to secure and manage mobile devices, applications, and content.

If exploited, this could lead to data breaches, system compromise, and operational downtime impacting confidentiality, integrity, and availability of critical businesses.

Description

Two critical security vulnerabilities, CVE-2026-1281 & CVE-2026-1340 have been identified in Ivanti Endpoint Manager Mobile (EPMM) versions 12.7.0.0, 12.6.0.0, 12.5.0.0, and prior. This flaw arises from code injection, a type of vulnerability that allows attackers to inject and execute malicious code into an application, potentially leading to full system compromise. 

In affected versions, an attacker can exploit this vulnerability via the In-House Application Distribution and Android File Transfer Configuration features, leading to unauthenticated remote code execution.

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.

Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.

While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.

References

HelpNetSecurity - https://www.helpnetsecurity.com/2026/01/30/ivanti-epmm-cve-2026-1281-cve-2026-1340/