[Update] Multiple vulnerabilities in Ivanti Endpoint Manager Mobile (January 30, 2026)
[Update on February 9, 2026] On February 6, 2026, Ivanti made RPM detection scripts for indicators of compromise available, to be used depending on the installed version of EPMM. The vendor also updated its analysis guide (see Documentation section). [Update on February 2...
CSIRTS triage
- What
- Multiple vulnerabilities have been identified in Ivanti Endpoint Manager Mobile.
- Who is affected
- Users of Ivanti EPMM are affected.
- Urgency
- Remediation is important as vulnerabilities are actively exploited.
- Action
- Follow the vendor's guidance for RPM detection scripts and updates.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch EPMM
Get an email when a new EPMM advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://www.cert.ssi.gouv.fr/alerte/CERTFR-2026-ALE-001/
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Exploitation likely imminentCVE-2026-1340EPSS puts this in the most-targeted tier (84.0% 30-day exploitation probability). Prioritize alongside KEV items. Riskier than 100% of all scored CVEs.
- Exploitation likely imminentCVE-2026-1281EPSS puts this in the most-targeted tier (81.2% 30-day exploitation probability). Prioritize alongside KEV items. Riskier than 100% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-1340 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-1281 | coverage & exploitation status | NVD · CVE.org |
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
- criticalexploitedCVE-2026-1340: Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerabilitycisa-kev
- critical2026-001: Critical vulnerabilities in Ivanti EPMMcert-eu
- criticalexploitedCVE-2026-1281: Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerabilitycisa-kev
Recent advisories for Ivanti Endpoint Manager
A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.
- criticalexploitedCVE-2026-6973: Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerabilitycisa-kev · 2026-05-07
- criticalexploitedCVE-2026-1340: Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerabilitycisa-kev · 2026-04-08
- criticalexploitedCVE-2026-1603: Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerabilitycisa-kev · 2026-03-09
- criticalexploitedCVE-2026-1281: Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerabilitycisa-kev · 2026-01-29
- criticalexploitedCVE-2025-4428: Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerabilitycisa-kev · 2025-05-19
- criticalexploitedCVE-2025-4427: Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerabilitycisa-kev · 2025-05-19
More from CERT-FR Alertes de sécurité
- unknown[Update] Vulnerability in Microsoft Exchange Server (May 15, 2026)2026-05-15
- unknownVulnerability in F5 BIG-IP Access Policy Manager (March 31, 2026)2026-03-31
- unknownAlert note – Targeting instant messaging accounts (March 20, 2026)2026-03-20
- unknown[Update] Vulnerability in Cisco Catalyst SD-WAN (February 25, 2026)2026-02-25
- unknown[Update] Vulnerability in React Server Components (December 5, 2025)2025-12-05