CISA added Ivanti EPMM Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2026-1340)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is informing users about an Ivanti Endpoint Manager Mobile vulnerability, tracked as CVE-2026-1340. CISA added the vulnerability to its Known Exploited Vulnerabilities Catalog, urging users to patch before April 11, 2026.
Ivanti addressed the vulnerability in its February security updates. The code injection vulnerability may allow attackers to achieve unauthenticated remote code execution.
Ivanti Endpoint Manager Mobile (EPMM) is an on-premise Unified Endpoint Management (UEM) platform designed to secure and manage mobile devices, applications, and content. It enables IT administrators to enforce security policies, manage device lifecycles (iOS, Android, Windows, macOS), and protect corporate data on company-owned or BYOD devices.
Ivanti released an Exploitation Detection RPM package to help its users assess potential exploitation. Users can run the RPM package on their appliance and download the SHOWTECH logs to view the tool’s output. Users should then review the output with their security team to verify the results and determine potential impact. The RPM tool looks for specific indicators related to known malicious activity.
Affected and Patched Versions
| Product Name | Affected Versions | Resolved Versions |
| --- | --- | --- |
| Ivanti Endpoint Manager Mobile | 12.5.0.0 and prior; 12.6.0.0 and prior; 12.7.0.0 and prior | RPM 12.x.0.x |
| Ivanti Endpoint Manager Mobile | 12.5.1.0 and prior; 12.6.1.0 and prior | RPM 12.x.1.x |
For more information, please refer to the Ivanti Security Advisory.
Qualys Detection
Qualys customers can scan their devices with QIDs 733655 and 530890 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.
