"Ivanti has rolled out security updates to address two security flaws impacting Ivanti Endpoint Manager Mobile (EPMM) that have been exploited in zero-day attacks, one of which has been added by the U.S. Cybersecurity and Infrastructure Security Agency ( CISA) to its Known Exploited Vulnerabilities (KEV) catalog. The critical-severity vulnerabilities are listed below - CVE-2026-1281 (CVSS score: 9.8) - A code injection allowing attackers to achieve unauthenticated remote code execution"
"They affect the following versions - EPMM 12.5.0.0 and prior, 12.6.0.0 and prior, and 12.7.0.0 and prior (Fixed in RPM 12.x.0.x) EPMM 12.5.1.0 and prior and 12.6.1.0 and prior (Fixed in RPM 12.x.1.x) However, it bears noting that the RPM patch does not survive a version upgrade and must be reapplied if the appliance is upgraded to a new version. The vulnerabilities will be permanently addressed in EPMM version 12.8.0.0, which will be released later in Q1 2026."
Ivanti released updates to fix two critical EPMM vulnerabilities, CVE-2026-1281 and CVE-2026-1340, each rated CVSS 9.8, that allow unauthenticated code injection and remote code execution. The flaws affect EPMM releases including 12.5.0.0 and prior, 12.6.0.0 and prior, 12.7.0.0 and prior, and certain 12.5.1.0/12.6.1.0 builds. The RPM patch does not survive an appliance upgrade and must be reapplied after upgrading. EPMM version 12.8.0.0 will permanently address the vulnerabilities and is scheduled for release in Q1 2026. Ivanti reported a very limited number of exploited customers and observed persistence via web shells and reverse shells. The flaws affect In-House Application Distribution and Android File Transfer Configuration and do not impact Ivanti Neurons for MDM, EPM, or Sentry.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]