Two critical code-injection vulnerabilities have been disclosed in the Endpoint Manager Mobile (EPMM) platform and are currently being actively exploited in real-world attacks.
The security flaws, tracked as CVE-2026-1281 and CVE-2026-1340, allow unauthenticated attackers to execute arbitrary code remotely on vulnerable systems.
The vulnerabilities carry a maximum CVSS severity rating of 9.8 and affect multiple versions of EPMM, including 12.5.0.0, 12.6.0.0, and 12.7.0.0.
According to Ivanti's security advisory published on January 29, 2026, the company is aware of a limited number of customer environments that had already been compromised at the time of disclosure.
Active Exploitation Confirmed
Both vulnerabilities stem from code-injection weaknesses (CWE-94) that can be exploited without authentication or user interaction.
The attack vector is network-based and low-complexity, enabling threat actors to compromise vulnerable EPMM instances remotely with minimal effort.
Successful exploitation grants attackers full control over the confidentiality, integrity, and availability of affected systems.
| CVE Number | Description | CVSS Score | CVSS Vector | CWE |
| --- | --- | --- | --- | --- |
| CVE-2026-1281 | Code injection enabling unauthenticated RCE | 9.8 (Critical) | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | CWE-94 |
| CVE-2026-1340 | Code injection enabling unauthenticated RCE | 9.8 (Critical) | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | CWE-94 |
Ivanti has released version-specific RPM patches to address the security flaws. In the meantime, customers await the permanent fix scheduled for version 12.8.0.0 in Q1 2026.
The temporary patches require no system downtime and do not impact feature functionality. However, administrators must reapply the RPM script after version upgrades.
Organizations running EPMM should immediately apply the version-specific RPM patches available through Ivanti's support portal.
Customers using versions 12.5.0.x through 12.7.0.x require RPM 12.x.0.x, while those on 12.5.1.0 or 12.6.1.0 should deploy RPM 12.x.1.x.
The company emphasizes that only one patch is required, based on the deployed version.
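The version-to-patch mapping and the reapply-after-upgrade requirement described above can be checked across an inventory. The following is an added example, not Ivanti's tooling or code from the advisory; the inventory record format, the `rpm_applied_on` field, and the host names are assumptions constructed for illustration.

```python
import re

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")

def rpm_family(version):
    """Return the interim RPM family the article names for this EPMM version, or None."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return None
    v = tuple(int(p) for p in m.groups())
    if v[0] == 12 and v[1] in (5, 6, 7) and v[2] == 0:
        return "RPM 12.x.0.x"          # 12.5.0.x through 12.7.0.x
    if v in {(12, 5, 1, 0), (12, 6, 1, 0)}:
        return "RPM 12.x.1.x"          # 12.5.1.0 or 12.6.1.0
    return None

def triage(host):
    """Decide the action for one inventory record (hypothetical dict format)."""
    current = host["version"]
    family = rpm_family(current)
    if family is None:
        m = VERSION_RE.match(current.strip())
        if m and tuple(map(int, m.groups())) >= (12, 8, 0, 0):
            return "no interim RPM: at or above 12.8.0.0, the scheduled permanent fix"
        return "manual review: version not covered by the article's guidance"
    applied_on = host.get("rpm_applied_on")  # assumed field: version the RPM was applied on
    if applied_on is None:
        return f"apply {family}"
    if applied_on != current:
        # The article says the RPM must be reapplied after a version upgrade.
        return f"reapply {family} (upgraded from {applied_on})"
    return f"ok: {family} in place"

# Constructed inventory for illustration; host names are placeholders.
INVENTORY = [
    {"host": "epmm-a.example", "version": "12.5.0.0"},
    {"host": "epmm-b.example", "version": "12.6.1.0", "rpm_applied_on": "12.6.1.0"},
    {"host": "epmm-c.example", "version": "12.7.0.0", "rpm_applied_on": "12.6.0.0"},
    {"host": "epmm-d.example", "version": "12.8.0.0"},
    {"host": "epmm-e.example", "version": "12.4.0.3"},
]

def report(inventory=INVENTORY):
    """Map each host to its triage action."""
    return {h["host"]: triage(h) for h in inventory}

if __name__ == "__main__":
    for host, action in report().items():
        print(f"{host}: {action}")
```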
Ivanti recommends that security-conscious organizations consider rebuilding EPMM environments and migrating data to replacement systems as the most conservative remediation approach.
The company has provided technical analysis documentation with forensic guidance, though reliable indicators of compromise remain unavailable as investigations continue.
Notably, other Ivanti products, including Endpoint Manager (EPM), Neurons for MDM, and Sentry appliances, are not affected by these vulnerabilities.
