Code Injection in Ivanti Endpoint Manager Mobile (CVE‑2026‑1340) Added to CISA KEV Catalog
What It Is — CVE‑2026‑1340 is a code‑injection flaw in Ivanti Endpoint Manager Mobile (EPMM) that permits an attacker to execute arbitrary commands on managed mobile devices. CISA has placed the vulnerability in its Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation in the wild.
Exploitability — Exploitation evidence is publicly documented; proof‑of‑concept code has been observed. The CVSS v3.1 base score is 8.8 (High), reflecting remote code execution and potential privilege escalation.
Affected Products — Ivanti Endpoint Manager Mobile (EPMM) versions prior to the vendor‑released patch (see Ivanti advisory for exact version numbers).
TPRM Impact — The vulnerability creates a direct attack surface on a widely‑deployed endpoint‑management solution, exposing third‑party customers, contractors, and any downstream services that rely on the compromised mobile devices. A successful exploit can lead to lateral movement, data exfiltration, and disruption of business‑critical mobile workflows.
Recommended Actions —
- Apply Ivanti’s remediation patch for CVE‑2026‑1340 without delay.
- Inventory all EPMM deployments across your organization and any third‑party partners; verify patch status.
- Prioritize remediation in line with CISA BOD 22‑01 deadlines and integrate the KEV entry into your vulnerability‑management workflow.
- Conduct a focused risk assessment of mobile‑device‑management (MDM) dependencies within your supply chain and update contracts to require timely patching.
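One way to tie the KEV entry to an EPMM inventory and its remediation deadline, as an added example that is not code from CISA or Ivanti. The KEV record mirrors the field names of the KEV JSON feed, but its `dueDate`, the asset names and the `patch_verified` field are constructed assumptions.

```python
import json
from datetime import date

# Constructed record in the shape of CISA's KEV JSON feed. The dueDate is a
# placeholder, not the real deadline; read it from the live catalog.
KEV_FEED = json.loads("""{"vulnerabilities": [{
  "cveID": "CVE-2026-1340", "vendorProject": "Ivanti",
  "product": "Endpoint Manager Mobile (EPMM)", "dueDate": "2026-04-29"}]}""")

# Constructed inventory. patch_verified: True = confirmed patched,
# False = confirmed unpatched, None = no evidence yet (typical for third parties).
INVENTORY = [
    {"asset": "mdm-core-01", "owner": "internal", "vendor": "Ivanti",
     "product": "Endpoint Manager Mobile", "patch_verified": True},
    {"asset": "mdm-dr-01", "owner": "internal", "vendor": "Ivanti",
     "product": "Endpoint Manager Mobile", "patch_verified": False},
    {"asset": "payroll-vendor-mdm", "owner": "third-party", "vendor": "Ivanti",
     "product": "Endpoint Manager Mobile", "patch_verified": None},
    {"asset": "mail-gw-01", "owner": "internal", "vendor": "ExampleCo",
     "product": "Mail Gateway", "patch_verified": None},
]

def kev_findings(feed, inventory, today):
    """Return open KEV findings for inventory assets, most urgent first."""
    findings = []
    for entry in feed["vulnerabilities"]:
        due = date.fromisoformat(entry["dueDate"])
        for asset in inventory:
            same_vendor = asset["vendor"].lower() == entry["vendorProject"].lower()
            same_product = asset["product"].lower() in entry["product"].lower()
            if not (same_vendor and same_product) or asset["patch_verified"] is True:
                continue
            days_left = (due - today).days
            findings.append({
                "asset": asset["asset"], "cve": entry["cveID"],
                "owner": asset["owner"], "days_left": days_left,
                # Unknown status is treated as open, never as patched.
                "status": "OVERDUE" if days_left < 0 else
                          "UNVERIFIED" if asset["patch_verified"] is None else "OPEN",
            })
    return sorted(findings, key=lambda f: (f["days_left"], f["asset"]))

if __name__ == "__main__":
    for finding in kev_findings(KEV_FEED, INVENTORY, date(2026, 4, 20)):
        print(finding)
```

Third-party deployments with no patch evidence surface as `UNVERIFIED` rather than being silently dropped, which is the case the supply-chain inventory step is meant to catch.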
Source: CISA Advisory – 2026‑04‑08