theinfosecnews
theinfosecnews
Subscribe to Daily Digest

CVE-2026-1340

CISA KEV

Published April 8, 2026 · Updated April 9, 2026

high

What This Means

CVE-2026-1340 affects Ivanti Endpoint Manager Mobile (EPMM) and involves a code injection vulnerability that permits unauthenticated remote code execution by attackers. This could enable them to manipulate or control the affected systems without user interaction. To mitigate this risk, organizations should apply any available patches from Ivanti immediately and enhance monitoring on affected endpoints for signs of exploitation.

Official Description+

Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution.

Affected Products

VendorProduct
IvantiEndpoint Manager Mobile (EPMM)

Patch Status

Patch by 2026-04-11

Recommended Actions

  1. Check if your systems use any of the affected products listed above.
  2. Apply vendor patches immediately if available.
  3. This vulnerability is in CISA's Known Exploited Vulnerabilities catalog — prioritize remediation.
  4. Monitor vendor advisories for updates and additional mitigations.
  5. Review logs for indicators of compromise related to CVE-2026-1340.