Ivanti patched two critical zero-day vulnerabilities in EPMM


Ivanti has patched two critical zero-day vulnerabilities in its Endpoint Manager Mobile (EPMM) product that are already being exploited, continuing a grim run of January security incidents for enterprise IT vendors.

In January 2025, tens of thousands were urged to patch a Fortinet zero-day, while Ivanti customers were doing the same. There has been little change this year as Fortinet patches multiple single sign-on (SSO) flaws and Ivanti ships fixes for yet another pair of zero-days. Tracked as CVE-2026-1281 and CVE-2026-1340, both bugs affect Ivanti Endpoint Manager Mobile (EPMM). They’re also both rated a near-maximum CVSS score of 9.8 and allow for unauthenticated remote code execution (RCE) – about as bad as it gets.

Read more…
Source: The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Cisco Warns of Critical Vulnerability Revealed in ‘Vault 7’ Data Dump

    March 20, 2017

    Cisco Systems warned customers on Friday of a critical vulnerability that could allow an attacker to execute arbitrary code and obtain full control on more than 300 different models of its switches and routers. Cisco said it became aware of the vulnerability after WikiLeaks released its Vault 7 cache of documents that revealed the existence ...