CISA has added CVE-2026-1340, a critical code injection flaw in Ivanti Endpoint Manager Mobile (EPMM), to its Known Exploited Vulnerabilities catalog and ordered U.S. federal agencies to patch by April 11. The vulnerability allows unauthenticated remote code execution on internet-exposed appliances and has been actively exploited since January. Ivanti released patches on January 29, but nearly 950 EPMM instances remain exposed online. CISA also urges private sector organizations to prioritize patching. This is the 33rd Ivanti vulnerability CISA has flagged as exploited in attacks.
Table of contents
Related Articles:Sort: