The code injection flaws allow for unauthenticated remote code execution on Ivanti Endpoint Manager Mobile deployments, but also endanger connected Ivanti Sentry mobile traffic gateways.

CSO Online offers insights into cybersecurity, risk management, and IT leadership, providing articles, reports, and expert analysis to help security professionals navigate the evolving threat landscape and protect their organizations from cyber attacks. By exploring CSO Online's curated content, CISOs, security managers, and IT executives can learn about threat intelligence, security frameworks, and incident response strategies for building resilient cybersecurity programs. Whether you're defending against ransomware, phishing attacks, or insider threats, CSO Online offers resources to strengthen your security posture and safeguard your digital assets.

CSO Online

Ivanti released patches for two critical remote code execution vulnerabilities (CVE-2026-1281 and CVE-2026-1340) in Endpoint Manager Mobile that are being actively exploited. Both flaws allow unauthenticated code injection and are rated 9.8/10 on CVSS. Patches are available as version-specific RPM files that must be manually applied and reinstalled after upgrades. Compromised EPMM deployments may also affect connected Ivanti Sentry gateways. The advisory includes detailed detection guidance using log analysis, forensic inspection methods, and comprehensive remediation steps including password resets and certificate replacement.

Ivanti patches two actively exploited critical vulnerabilities in EPMM