Critical code injection vulnerability in Ivanti Endpoint Manager Mobile allowing unauthenticated remote code execution. This vulnerability is actively exploited in zero-day attacks and listed on CISA's KEV catalog.
Data Source: CIRCL
Confidence: HIGH
Exploitation Method: DIRECT_NETWORK
CVE Published: 2026-01-29
Added to CISA KEV: 2026-01-29 0 DAY BETWEEN CVE AND KEV
Here's a breakdown of what is known about its exploitation:
CVE-2026-1281 Release: 2026-01-29 Due Date: 2026-02-01 Vendor: Ivanti Product: Endpoint Manager Mobile (EPMM) Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution. CISA added CVE-2026-1281 to the lis…
Ivanti has disclosed two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-1281 and CVE-2026-1340, that were exploited in zero-day attacks.
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE. Score Version Severity Vector Exploitability Score Impact Score Source 9.8 CVSS 3.1 CRITIC…
CISA’s Known Exploited Vulnerabilities (KEV) Catalog has one more entry to worry about: on January 29, 2026 the agency added CVE-2026-1281, a code-injection vulnerability in Ivanti Endpoint Manager Mobile (EPMM). The short version: this is a classic, high-risk attack vector in a mobile device manage…
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catal…