CVE-2026-1340
📛 CVE Title
CVE-2026-1340
Description
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
Overview
- State
- PUBLISHED
- Assigner (CNA)
- ivanti
- CVSS severity
- CRITICAL
- CVSS score
- 9.8 / 10
- CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H- Effective score
- 9.8 / 10 CRITICAL source: CNA overview
- CWE(s)
-
CWE-94 - Reserved
- 2026-01-22
- Published
- 2026-01-29 21:33 UTC
- Last updated
- 2026-04-09 03:55 UTC
- Source
- https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2026/1xxx/CVE-2026-1340.json
- Linked Threat
- CVE-2026-1340 — Ivanti Endpoint Manager Mobile (EPMM): Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
CISA Known Exploited Vulnerabilities CISA KEV
CISA has confirmed in-the-wild exploitation of this CVE. Federal agencies must remediate by the due date below; private orgs should treat it as priority-1.
- Vulnerability name
- Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
- Vendor / project
- Ivanti
- Product
- Endpoint Manager Mobile (EPMM)
- Date added to KEV
- 2026-04-08
- Remediation due
- 2026-04-11
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Ransomware campaign use
- Unknown
- CISA notes
- Please adhere to Ivanti's guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible Ivanti products affected by this vulnerability. Apply any final mitigations provided by the vendor as soon as possible. For more information please see: https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340?language=en_US ; https://support.mobileiron.com/mi/vsp/AB1786671/ivanti-security-update-1761642-1.1.0S-5.noarch.rpm ; https://support.mobileiron.com/mi/vsp/AB1786671/ivanti-security-update-1761642-1.1.0L-5.noarch.rpm ; https://nvd.nist.gov/vuln/detail/CVE-2026-1340
- CISA listing
- www.cisa.gov/known-exploited-vulnerabilities-catalog
NVD triage scoring NVD CVE 2.0
Layer NVD adds on top of the CNA's CVE record — published / last-modified timestamps, exploitability / impact subscores, and the FIRST.org EPSS probability that this CVE will be exploited in the wild in the next 30 days.
- NVD published
- 2026-01-29 22:15:53 UTC
- NVD last modified
- 2026-04-09 14:03:31 UTC
- NVD CVSS v3.1
- 9.8 / 10 CRITICAL source: 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
- NVD CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H- Exploitability subscore
- 3.9 / 10
- Impact subscore
- 5.9 / 10
- EPSS score
- 0.6591 (probability of exploitation in next 30 days)
- EPSS percentile
- 98.53% vs all CVEs — higher = more likely to be exploited, as of 2026-05-24
NVD / KEV / EPSS data refreshed 2026-05-25 04:36 UTC. Re-run the 🛰 Backfill from NVD button above to refresh.
European Union Vulnerability Database ENISA EUVD
ENISA's official EU repository for curated vulnerability intelligence. Carries a separate identifier (EUVD-YYYY-NNNN) and frequently exposes an earlier-published description + CVSS than NVD does.
- EUVD ID
-
EUVD-2026-4936 - Assigner
- ivanti
- Published
- Jan 29, 2026, 9:33:11 PM
- Updated
- Apr 9, 2026, 3:55:54 AM
- EUVD base score (CVSS 3.1)
-
9.8 / 10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - EUVD-reported EPSS
- 69.7200
- Vendors
- Ivanti
- Products
-
Endpoint Manager Mobile (patch: 12.x.1.x RPM)Endpoint Manager Mobile (patch: 12.x.0.x RPM)
- Aliases
-
GHSA-wv3p-w5rj-f5p6
ENISA description: A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
Affected products (1)
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Ivanti | Endpoint Manager Mobile |
12.x.1.x RPM (unaffected),
12.x.0.x RPM (unaffected)
|
— |
Affected products — CPE 2.3 (1) NVD
NVD's normalized CPE 2.3 matchers, used by vendor tools (vulnerability scanners, asset managers) for automated detection. Compare with the CNA's free-text "Affected products" section above.
cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*
Remediations (9)
Remediations are stored against the linked Threat row; the list below is deduplicated across both pages.
-
web:zecurit.com
Get the complete breakdown of Microsoft's May 2026 Patch Tuesday. We analyze the latest security updates and all critical CVEs .
2026-05-14 11:16 UTC -
web:cybersecuritynews.com
Microsoft's May 2026 Patch Tuesday lands with a heavy enterprise focus, fixing 120 vulnerabilities across Windows, Office, Azure, developer tools, and Microsoft 365 apps, including 29 remote code execution (RCE) flaws rated Critical.
2026-05-14 11:16 UTC -
web:portal.msrc.microsoft.com
The Security Update Guide provides information on the latest Microsoft security updates, helping users understand and address potential vulnerabilities effectively.
2026-05-14 11:16 UTC -
web:blogs.oracle.com
For more information about the Critical Patch Update program, see the security vulnerability remediation practices page located on the Oracle Trust Center.
2026-05-14 11:16 UTC -
web:www.linkedin.com
Microsoft has released its May 2026 Patch Tuesday security updates, addressing more than 130 vulnerabilities across its software ecosystem, including Windows, Microsoft Office, SharePoint Server ...
2026-05-14 11:16 UTC -
web:www.malwarebytes.com
May's Patch Tuesday may not be the giant release many expected, but there are still plenty of important fixes that shouldn't be ignored.
2026-05-14 11:16 UTC -
web:www.secpod.com
The second Tuesday of May 2026 marked another major security update release from Microsoft, addressing a broad range of vulnerabilities across Windows, Microsoft Office, SharePoint, Dynamics 365, .NET, DNS Client, and other core enterprise components. While this month's Patch Tuesday did not include any actively exploited or publicly disclosed zero-day vulnerabilities, the release still ...
2026-05-14 11:16 UTC -
web:www.upguard.com
CVE-2026-1340 is a critical 9.8 RCE vulnerability in Ivanti EPMM (up to 12.7.0.0). Actively exploited; immediate patching and mitigation are required.
2026-05-14 11:16 UTC -
CISA KEV
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2026-04-11 Known ransomware campaign use: Unknown
2026-05-14 01:13 UTC
Vendor references (1)
References embedded in the original CVE record by the assigning CNA.
Web references (3)
DuckDuckGo results ranked by threat-intel / vendor advisory domains. Generated by the 🔎 Find references (web) button above — same flow as the Remediations search.
- https://attackerkb.com/topics/CVE-2026-1340 rapid7:attackerkb.com
- https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340 rapid7:forums.ivanti.com
- https://www.cve.org/CVERecord?id=CVE-2026-1340 rapid7:www.cve.org
NVD-tagged references (2)
Reference list NVD curates from the CNA record, vendor advisories, and third-party reports. The tag chips below are NVD's analyst-assigned categories.
- https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 Vendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-1340 134c704f-9b21-4f2e-91b3-4a467353bcc0 Third Party AdvisoryUS Government Resource
Indicators (2)
IOCs linked to the auto-promoted Threat row.
| Type | Value | VirusTotal | Attached |
|---|---|---|---|
| cwe |
CWE-94
|
no local data | 2026-05-14 02:58 UTC |
| cve |
CVE-2026-1340
|
no local data | 2026-05-14 02:58 UTC |
AI Forensic Analysis
Only Available for Registered Users. Sign in to view.
Raw JSON
The full cvelistV5 record. Download as CVE-2026-1340.json.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1340",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-29T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2026-04-08",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-1340"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T03:55:54.081Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-1340"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-08T00:00:00.000Z",
"value": "CVE-2026-1340 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Endpoint Manager Mobile",
"vendor": "Ivanti",
"versions": [
{
"status": "unaffected",
"version": "12.x.1.x RPM",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "12.x.0.x RPM",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<span style=\"background-color: rgb(255, 255, 255);\">A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.</span><span style=\"background-color: rgb(255, 255, 255);\"> </span>"
}
],
"value": "A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code ('Code Injection')",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-29T21:33:11.768Z",
"orgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"shortName": "ivanti"
},
"references": [
{
"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"assignerShortName": "ivanti",
"cveId": "CVE-2026-1340",
"datePublished": "2026-01-29T21:33:11.768Z",
"dateReserved": "2026-01-22T14:59:56.988Z",
"dateUpdated": "2026-04-09T03:55:54.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}