Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
Alerts

Critical Vulnerabilities in Ivanti Endpoint Manager Mobile

30 January 2026

Ivanti has released security updates to address critical vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM). Users and administrators are advised to apply the appropriate patches immediately.

Background

Ivanti has released security updates addressing two critical vulnerabilities (CVE-2026-1281 and CVE-2026-1340) affecting Ivanti Endpoint Manager Mobile (EPMM). The vulnerabilities have a Common Vulnerability Scoring System (CVSS v3.1) score of 9.8 out of 10. 

Impact

Successful exploitation of the vulnerabilities could allow an unauthenticated attacker to execute arbitrary code on the EPMM appliance, allowing the attacker access to a wide range of information stored on the platform.

Affected Products

The vulnerabilities affect the following product versions:

  • EPMM versions 12.5.0.x, 12.6.0.x, and 12.7.0.x

  • EPMM versions 12.5.1.0 and 12.6.1.0

Known Exploitation

The vulnerabilities are reportedly being exploited.

Mitigation

Users and administrators of affected products are advised to apply the appropriate RPM script to the affected products immediately:

  • Use RPM 12.x.0.x for EPMM versions 12.5.0.x, 12.6.0.x, and 12.7.0.x

  • Use RPM 12.x.1.x for EPMM versions 12.5.1.0 and 12.6.1.0

Users and administrators should note that the hotfixes do not survive a version upgrade and must be reapplied if the appliance is upgraded before a permanent fix is available in EPMM version 12.8.0.0.

References

https://nvd.nist.gov/vuln/detail/CVE-2026-1281

https://nvd.nist.gov/vuln/detail/CVE-2026-1340

https://www.bleepingcomputer.com/news/security/ivanti-warns-of-two-epmm-flaws-exploited-in-zero-day-attacks/

Back to top