๐Ÿ”ด CVE-2026-1340

Critical code injection vulnerability in Ivanti Endpoint Manager Mobile allowing unauthenticated remote code execution via network exploitation. This vulnerability is actively being exploited in the wild and has been added to CISA's Known Exploited Vulnerabilities catalog.

โ† Back to Overview
HIGH_RISK
Risk Level
9.8
CVSS Score
NETWORK
Attack Vector
Initial Access
ATT&CK Tactic
T1190 โ€” Exploit Public-Facing Application
ATT&CK Technique
HIGH
Deployment Risk
No
Ransomware

๐Ÿ“‹ Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2026-01-29

Added to CISA KEV: 2026-04-08 69 DAYS BETWEEN CVE AND KEV

๐ŸŽฏ Recommendations:

๐Ÿ” Web Intelligence (Kagi ยท 2026-04-08)

CVE-2026-1340 is a critical vulnerability that has been added to CISA's Known Exploited Vulnerabilities (KEV) Catalog, indicating evidence of active exploitation in the wild [2][4].

Here's what is known about its exploitation:

  • Internet-Facing Applications/Services: The vulnerability affects Ivanti Endpoint Manager Mobile (EPMM) [1][3]. Exploitation can occur over the network, and the vulnerability is present in internet-facing instances of Ivanti EPMM [3].
  • Evidence of Active Exploitation: CISA's inclusion of CVE-2026-1340 in its KEV Catalog is based on evidence of active exploitation [2][4]. This means the vulnerability is not just theoretical but is being actively used by attackers.
  • Attack Vectors and Exploitation Methods:
* The vulnerability allows for unauthenticated remote code execution (RCE) [1][3]. * Attackers can exploit it by sending specially crafted HTTP requests [1]. * Exploitation can lead to the deployment of web shells and backdoors [5]. * The attack vector is network-based, and no user interaction is required [1].
  • Targeted Attacks: While the sources confirm active exploitation and widespread exploitation [5], they do not specifically detail whether these attacks have been used in highly targeted campaigns against specific organizations. However, the nature of RCE vulnerabilities often makes them attractive for targeted intrusions.
  • CISA Known Exploited Vulnerabilities Status: CVE-2026-1340 is listed in the CISA Known Exploited Vulnerabilities (KEV) Catalog [2]. This catalog is maintained by CISA as an authoritative source of vulnerabilities that have been exploited in the wild, and organizations are advised to use it for vulnerability prioritization [6].
  • Technical Details about Internet Exploitability: The vulnerabilities, including CVE-2026-1340, stem from improper handling and validation of HTTP requests within Ivanti Endpoint Manager Mobile [1]. This allows attackers to trigger remote code execution without authentication, making it exploitable over the internet if the Ivanti EPMM service is exposed [1][3].

Sources

  1. Ivanti EPMM RCE Zero-Days (CVE-2026-1281, 1340) | Horizon3.ai

    CVE-2026-1281 and CVE-2026-1340 are actively exploited RCE flaws in Ivanti EPMM. Verify exposure and confirm remediation with NodeZero Rapid Response.Technical Details. The vulnerabilities stem from improper handling and validation of HTTP requests within Ivanti Endpoint Manager Mobile. Specially crโ€ฆ

  2. CISA Adds One Known Exploited Vulnerability to Catalog

    CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-1340โ€ฆ

  3. Ivanti EPMM RCE: CVE-2026-1281 & CVE-2026-1340 - Indusface

    CVE-2026-1281 and CVE-2026-1340 are critical vulnerabilities that enable unauthenticated remote code execution over the network. Any exposed ...

  4. CISA Adds One Known Exploited Vulnerability to Catalog | CISA

    CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

  5. Critical Vulnerabilities in Ivanti EPMM Exploited

    We discuss widespread exploitation of Ivanti EPMM zero-day vulns CVE-2026-1281 and CVE-2026-1340. Attackers are deploying web shells and backdoors.

Generated by PatchNow Intelligence System

Analysis based on CIRCL.LU data, Claude AI assessment, and MITRE ATT&CK framework

๐Ÿ“„ Download JSON Data | ๐Ÿ“ก RSS Feed