Critical code injection vulnerability in Ivanti Endpoint Manager Mobile allowing unauthenticated remote code execution. This vulnerability is actively exploited in zero-day attacks and listed on CISA's KEV catalog.
Data Source: CIRCL
Confidence: HIGH
Exploitation Method: DIRECT_NETWORK
CVE Published: 2026-01-29
Added to CISA KEV: 2026-01-29 0 DAY BETWEEN CVE AND KEV
CVE-2026-1281 Release: 2026-01-29 Due Date: 2026-02-01 Vendor: Ivanti Product: Endpoint Manager Mobile (EPMM) Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution. CISA added CVE-2026-1281 to the list of known exploited vulnerabilities.
Ivanti has disclosed two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-1281 and CVE-2026-1340, that were exploited in zero-day attacks.
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE. Score Version Severity Vector Exploitability Score Impact Score Source 9.8 CVSS 3.1 CRITICAL 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 Solution
CISA’s Known Exploited Vulnerabilities (KEV) Catalog has one more entry to worry about: on January 29, 2026 the agency added CVE-2026-1281, a code-injection vulnerability in Ivanti Endpoint Manager Mobile (EPMM). The short version: this is a classic, high-risk attack vector in a mobile device management (MDM) product that sits at the junction of enterprise mobility, device policy, and ...
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.How to use the KEV ...