Skip to main content

Ivanti CVE-2026-1340

CRITICAL
Code Injection (CWE-94)
2026-01-29 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Added to CISA KEV
Apr 09, 2026 - 14:03 cisa
CISA KEV
CIRCL Exploitation Confirmed
Apr 09, 2026 - 14:03 circl
CIRCL KEV
PoC Detected
Apr 09, 2026 - 14:03 vuln.today
Public exploit code
Analysis Generated
Mar 12, 2026 - 22:00 vuln.today
CVE Published
Jan 29, 2026 - 22:15 nvd
CRITICAL 9.8

DescriptionCVE.org

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

AnalysisAI

Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that allows unauthenticated attackers to achieve remote code execution on the mobile device management server. Compromising the MDM server provides access to all managed mobile device configurations, policies, and potentially the ability to push malicious profiles to enrolled devices.

Technical ContextAI

A code injection vulnerability in Ivanti EPMM allows unauthenticated attackers to execute arbitrary code on the MDM server. EPMM (formerly MobileIron) manages enterprise mobile devices, enforcing security policies, distributing applications, and controlling device configurations. The server holds certificates, VPN configurations, and WiFi credentials for all managed devices.

RemediationAI

Apply the latest Ivanti EPMM security patch. Restrict EPMM management interface access. Monitor for unauthorized profile deployments to managed devices. Rotate device enrollment certificates and VPN credentials. Review MDM audit logs for suspicious administrative actions.

More in Ivanti

View all
CVE-2024-7593 CRITICAL POC
9.8 Aug 13

Authentication bypass in Ivanti Virtual Traffic Manager (vTM) admin panel allows remote unauthenticated attackers to gai

CVE-2024-13159 CRITICAL POC
9.8 Jan 14

Ivanti Endpoint Manager contains an absolute path traversal vulnerability allowing unauthenticated remote attackers to l

CVE-2024-13160 CRITICAL POC
9.8 Jan 14

Ivanti Endpoint Manager contains a second absolute path traversal vulnerability for unauthenticated information disclosu

CVE-2024-13161 CRITICAL POC
9.8 Jan 14

Ivanti Endpoint Manager contains a third absolute path traversal vulnerability for unauthenticated information disclosur

CVE-2025-0282 CRITICAL POC
9.0 Jan 08

Ivanti Connect Secure, Policy Secure, and Neurons for ZTA contain a stack-based buffer overflow allowing unauthenticated

CVE-2025-4427 MEDIUM POC
5.3 May 13

An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to a

CVE-2026-1281 CRITICAL POC
9.8 Jan 29

Ivanti Endpoint Manager Mobile (EPMM) contains a critical code injection vulnerability (CVE-2026-1281, CVSS 9.8) that al

CVE-2025-22457 CRITICAL POC
9.0 Apr 03

Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow enabling unauthenticated re

CVE-2025-4428 HIGH POC
7.2 May 13

Ivanti Endpoint Manager Mobile (EPMM) contains an authenticated code injection in the API component, allowing authentica

CVE-2026-1603 HIGH POC
8.6 Feb 10

Ivanti Endpoint Manager before 2024 SU5 contains an authentication bypass (CVE-2026-1603, CVSS 8.6) that allows unauthen

CVE-2026-10520 CRITICAL POC
10.0 Jun 09

Remote code execution in Ivanti Sentry before R10.5.2, R10.6.2, and R10.7.1 allows unauthenticated remote attackers to a

CVE-2026-6973 HIGH POC
7.2 May 07

Remote code execution in Ivanti Endpoint Manager Mobile (EPMM) allows authenticated administrators to execute arbitrary

Share

CVE-2026-1340 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy