Ivanti Patches Exploited EPMM Zero-Days

Ivanti Patches Exploited EPMM Zero-Days

Briefly

"Ivanti on Thursday announced emergency patches for two critical-severity vulnerabilities in Endpoint Manager Mobile (EPMM) that have been exploited in the wild as zero-days. Tracked as CVE-2026-1281 and CVE-2026-1340 (CVSS score of 9.8), the bugs are described as code injection issues that could be exploited by unauthenticated attackers to achieve remote code execution (RCE). The flaws impact the in-house application distribution and the Android file transfer configuration features of EPMM."

"Successful exploitation of the zero-days could allow attackers to execute arbitrary code, move laterally to the connected environment, and access sensitive information stored in the EPMM. Such information may include administrator information (name, email, and username), user information (name, email, and username, user principal name for AD), and mobile device details (phone number, location, identifier, IMEI, IP address, UUID, application details, and other identification data)."

"Ivanti released RPM patches 12.x.0.x and 12.x.1.x that address the security defects. The fixes are version-specific, and customers need to apply only the RPM applicable to their EPMM iteration. The company notes that the RPM scripts need to be reapplied in the event EPMM is updated to a newer version. "We strongly encourage all EPMM customers to adopt version 12.8.0.0 once it has been released later in Q1 2026. Once you have upgraded to 12.8.0.0, you will not need to reapply the RPM script," Ivanti notes."