Date Posted: 2026/02/06
[Vulnerability Alert] Two Critical Security Vulnerabilities Found in Ivanti Endpoint Manager Mobile (EPMM)
- Subject Explanation: [Vulnerability Alert] Two Critical Security Vulnerabilities Found in Ivanti Endpoint Manager Mobile (EPMM)
- Content Description:
- Forwarding Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC) Security Alert TWCERTCC-200-202601-00000028
- Ivanti Endpoint Manager Mobile (EPMM) is a mobile device management solution capable of centrally managing iOS, Android, macOS, and Windows devices.
- Security updates released recently have patched 2 critical security vulnerabilities (CVE-2026-1281 and CVE-2026-1340, both CVSS: 9.8). The aforementioned vulnerabilities are both code injection vulnerabilities, allowing unauthenticated attackers to execute remote code.
- Impacted Platforms:
- Ivanti Endpoint Manager Mobile 12.5.0.0 and earlier versions
- Ivanti Endpoint Manager Mobile 12.5.1.0 and earlier versions
- Ivanti Endpoint Manager Mobile 12.6.0.0 and earlier versions
- Ivanti Endpoint Manager Mobile 12.6.1.0 and earlier versions
- Ivanti Endpoint Manager Mobile 12.7.0.0 and earlier versions
- Suggested Measures:
- Patch according to the solution released on the official website: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340?language=en_US
Computer and Communication Center Network Systems Division
