Pierluigi Paganini
January 30, 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Ivanti EPMM vulnerability, tracked as CVE-2026-1281 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog.
The vulnerability is a code injection that impacts Ivanti Endpoint Manager Mobile. An unauthenticated attacker can exploit the vulnerability to achieve remote code execution.
“A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.” reads the advisory.
The company confirmed that it is aware of attacks in the wild exploiting this vulnerability.
“We are aware of a very limited number of customers who have been exploited at the time of disclosure.” continues the advisory.
Ivanti said the investigation is ongoing and no reliable indicators of compromise are available yet, though technical guidance has been shared. Sentry and Ivanti Neurons for MDM are not vulnerable, and cloud customers are unaffected. Ivanti has released a patch, expanded customer support, and is working with security partners and law enforcement.
According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.
CISA orders federal agencies to fix the vulnerability by February 2, 2026.
US CISA also published an alert related to this flaw titled “Fortinet Releases Guidance to Address Ongoing Exploitation of Authentication Bypass Vulnerability CVE-2026-24858“
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, US CISA Known Exploited Vulnerabilities catalog)
