Ivanti Patches Exploited EPMM Zero-Days

Ivanti on Thursday announced emergency patches for two critical-severity vulnerabilities in Endpoint Manager Mobile (EPMM) that have been exploited in the wild as zero-days.

Tracked as CVE-2026-1281 and CVE-2026-1340 (CVSS score of 9.8), the bugs are described as code injection issues that could be exploited by unauthenticated attackers to achieve remote code execution (RCE).

The flaws impact the in-house application distribution and the Android file transfer configuration features of EPMM.

Successful exploitation of the zero-days could allow attackers to execute arbitrary code, move laterally to the connected environment, and access sensitive information stored in the EPMM.

Such information may include administrator information (name, email, and username), user information (name, email, and username, user principal name for AD), and mobile device details (phone number, location, identifier, IMEI, IP address, UUID, application details, and other identification data).

“We are aware of a very limited number of customers whose solution has been ...