[Vulnerability Alert] Two Critical Security Vulnerabilities Found in Ivanti Endpoint Manager Mobile (EPMM)

• Subject Explanation: [Vulnerability Alert] Two Critical Security Vulnerabilities Found in Ivanti Endpoint Manager Mobile (EPMM)

• Content Description:
  • Forwarding Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC) Security Alert TWCERTCC-200-202601-00000028
  • Ivanti Endpoint Manager Mobile (EPMM) is a mobile device management solution capable of centrally managing iOS, Android, macOS, and Windows devices.
  • Security updates released recently have patched 2 critical security vulnerabilities (CVE-2026-1281 and CVE-2026-1340, both CVSS: 9.8). The aforementioned vulnerabilities are both code injection vulnerabilities, allowing unauthenticated attackers to execute remote code.
• Impacted Platforms:
  • Ivanti Endpoint Manager Mobile 12.5.0.0 and earlier versions
  • Ivanti Endpoint Manager Mobile 12.5.1.0 and earlier versions
  • Ivanti Endpoint Manager Mobile 12.6.0.0 and earlier versions
  • Ivanti Endpoint Manager Mobile 12.6.1.0 and earlier versions
  • Ivanti Endpoint Manager Mobile 12.7.0.0 and earlier versions
• Suggested Measures:
  • Patch according to the solution released on the official website: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340?language=en_US

Computer and Communication Center Network Systems Division