COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2026-1340

CVE-2026-1340

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2026-04-08
Reference
https://nvd.nist.gov/vuln/detail/CVE-2026-1340
⚡ RCE ⌖ exploited in the wild shame 85/100 rceexploited-in-wildransomwaresupply-chain

Ivanti EPMM allows unauthenticated remote code execution via code injection, enabling attackers to compromise endpoint management systems without credentials.

This unauthenticated RCE vulnerability in Ivanti Endpoint Manager Mobile allows attackers to execute arbitrary code on managed endpoints without authentication, posing a severe risk to DIB organizations relying on endpoint management for security posture and compliance. The vulnerability is actively exploited in the wild and linked to ransomware campaigns, making it a critical priority for patching and network segmentation to prevent lateral movement.

Shame score — An unauthenticated RCE vulnerability in a widely deployed endpoint management product that is actively exploited in the wild represents a severe, avoidable security failure.

Players implicated

Ivanti · vendorEndpoint Manager Mobile (EPMM) · product

Description

Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution.

Affected FedRAMP products 2 in the catalog

ProductProviderStatusMatch
Ivanti Neurons for ITSM (Formerly Service Manager) Ivanti Authorized vendor-exact · 0.90
Ivanti Neurons for MDM (Formerly MobileIron) Ivanti Authorized vendor-exact · 0.90