Ivanti Endpoint Manager Mobile Zero-Days Exploited (CVE-2026-1281, CVE-2026-1340)

On January 29, Ivanti published an advisory for two zero-day vulnerabilities in Endpoint Manager Mobile (EPMM), formerly MobileIron Core:

CVE	Description	CVSSv3
CVE-2026-1281	Ivanti Endpoint Manager Mobile Remote Code Execution Vulnerability	9.8
CVE-2026-1340	Ivanti Endpoint Manager Mobile Remote Code Execution Vulnerability	9.8

According to Ivanti, both vulnerabilities were exploited in the wild affecting “a very limited number of customers.” Due to its ongoing investigation, Ivanti did not include any indicators of compromise.

Ivanti products are popular targets for attackers, and over the last several years, there have been multiple EPMM vulnerabilities exploited in the wild.

For more information about these vulnerabilities, including the availability of patches and Tenable product coverage, please visit our blog.

Cyber Exposure Alerts

IVANTI

ZERO-DAY

Vulnerability Watch

Forum Discussion

Ivanti Endpoint Manager Mobile Zero-Days Exploited (CVE-2026-1281, CVE-2026-1340)

Recent Discussions

Key findings from the Verizon DBIR 2026: Slower vulnerability remediation meets faster exploitation

FAQ about the continued exploitation of Cisco Catalyst SD-WAN vulnerabilities (CVE-2026-20182)

CVE-2026-46300 (Fragnesia): Frequently Asked Questions About New Linux Kernel Privilege Escalation

Microsoft’s May 2026 Patch Tuesday Addresses 118 CVEs (CVE-2026-41103)

Dirty Frag (CVE-2026-43284, CVE-2026-43500): FAQs about this Linux kernel LPE vulnerability chain

Americas

Europe

Asia / Australia