← back
CVE-2026-1340

CVE-2026-1340

CVSS 9.8 CRITICALEPSS 84.0%● KEVCWE-94
In short

Attackers can run malicious code on Ivanti Endpoint Manager Mobile without needing to log in. This is a serious flaw that puts devices and data at immediate risk.

Technical detail

Unauthenticated code injection vulnerability in Ivanti Endpoint Manager Mobile (CWE-94) allows remote attackers to execute arbitrary code without authentication. The attack vector is network-based with no special preconditions required, resulting in complete system compromise.

Summary generated and translated by AI from the official description.
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Ivanti · Endpoint Manager Mobile

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-1340