Summary
Key Points:
- Two critical zero-day vulnerabilities (CVE-2026-1281 and CVE-2026-1340) in Ivanti Endpoint Manager Mobile (EPMM) are being actively exploited, allowing remote unauthenticated attackers to execute arbitrary code.
- Affected systems include Ivanti EPMM versions 12.7.0.0 and below, with significant risks including unauthorized access to Personally Identifiable Information (PII) and potential lateral movement within networks.
- Immediate remediation is required; organizations must update to the latest patched versions of EPMM outside of normal patching cycles.
Technical Details: CVE-2026-1281 has been confirmed as exploited in the wild. It enables attackers to send malicious HTTP GET requests that execute arbitrary Bash commands on affected devices.
MITRE ATT&CK Techniques:
- T1203 - Exploitation for Client Execution (Execution)
- T1071.001 - Application Layer Protocol: Web Protocols (Command and Control)
IOCs Mentioned: None