2026-001: Critical vulnerabilities in Ivanti EPMM
On 29 January 2026, Ivanti released a security advisory addressing two critical vulnerabilities in their EPMM products. An attacker could exploit those flaws to achieve unauthenticated remote code execution on the vulnerable device. One of these vulnerabilities have been exploited in a limited number of cases.
CSIRTS triage
- What
- Two critical vulnerabilities allow unauthenticated remote code execution on vulnerable devices.
- Who is affected
- Customers using Ivanti EPMM products are affected.
- Urgency
- Remediation is critical as one of the vulnerabilities has been exploited in limited cases.
- Action
- Update to the latest version of Ivanti EPMM.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch EPMM
Get an email when a new EPMM advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://cert.europa.eu/publications/security-advisories/2026-001/
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Exploitation likely imminentCVE-2026-1281EPSS puts this in the most-targeted tier (81.2% 30-day exploitation probability). Prioritize alongside KEV items. Riskier than 100% of all scored CVEs.
- Exploitation likely imminentCVE-2026-1340EPSS puts this in the most-targeted tier (84.0% 30-day exploitation probability). Prioritize alongside KEV items. Riskier than 100% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-1281 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-1340 | coverage & exploitation status | NVD · CVE.org |
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
- criticalexploitedCVE-2026-1340: Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerabilitycisa-kev
- unknown[Update] Multiple vulnerabilities in Ivanti Endpoint Manager Mobile (January 30, 2026)cert-fr-alerte
- criticalexploitedCVE-2026-1281: Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerabilitycisa-kev
Recent advisories for 2026-001
A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.
- criticalDrupal core - Critical - Cross-site scripting - SA-CORE-2026-001drupal · 2026-04-15
More from CERT-EU Security Advisories
- critical2026-008: Critical vulnerabilities in Ivanti Sentry2026-06-10
- critical2026-007: Critical Vulnerability in Windows Netlogon2026-06-10
- critical2026-006: Critical Vulnerability in PAN-OS2026-05-06
- high2026-005: High Vulnerability in the Linux Kernel ("Copy Fail")2026-04-30
- critical2026-004: Critical Vulnerability in SharePoint Exploited2026-03-25