Is Ivanti affected by CVE-2026-1340?

A critical unauthenticated remote code execution vulnerability in Ivanti Endpoint Manager Mobile (CVE-2026-1340, CVSS 9.8) poses an immediate threat to any organization using this platform.

CVE-2026-1340

CRITICAL

2026-01-29 3c1d8aa1-5a33-4ea4-8992-aadd6440af75

9.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Added to CISA KEV

Apr 09, 2026 - 14:03 cisa

CISA KEV

CIRCL Exploitation Confirmed

Apr 09, 2026 - 14:03 circl

CIRCL KEV

PoC Detected

Apr 09, 2026 - 14:03 vuln.today

Public exploit code

Analysis Generated

Mar 12, 2026 - 22:00 vuln.today

CVE Published

Jan 29, 2026 - 22:15 nvd

CRITICAL 9.8

Description

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Analysis

Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that allows unauthenticated attackers to achieve remote code execution on the mobile device management server. Compromising the MDM server provides access to all managed mobile device configurations, policies, and potentially the ability to push malicious profiles to enrolled devices.

Remediation

Within 24 hours: Inventory all Ivanti Endpoint Manager Mobile instances, isolate affected systems from production networks if operationally feasible, and enable enhanced logging/monitoring. Within 7 days: Implement network segmentation to restrict access to management interfaces, deploy WAF rules to block exploitation attempts, and brief incident response teams on activation criteria. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

170

Low Medium High Critical

KEV: +50

EPSS: +50.9

CVSS: +49

POC: +20

CVE-2026-1340 vulnerability details – vuln.today

Back

CVE-2026-1340

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-1340

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code