1. Home
  2. Vulnerabilities
  3. CVE-2026-1340
9.8
CRITICAL CVSS 3.1
CVE-2026-1340
Ivanti Endpoint Manager Mobile Code Injection Remote Code Execution
Description

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

INFO

Published Date :

Jan. 29, 2026, 10:15 p.m.

Last Modified :

Feb. 4, 2026, 4:34 p.m.

Remotely Exploit :

Yes !

Source :

3c1d8aa1-5a33-4ea4-8992-aadd6440af75
Affected Products

The following products are affected by CVE-2026-1340 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Ivanti endpoint_manager_mobile
: Total Affected Vendor : 1 | Products : 1
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 CRITICAL 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
CVSS 3.1 CRITICAL MITRE-CVE
Solution
Address unauthenticated remote code execution via code injection.
  • Apply vendor patches or updates immediately.
  • Review Ivanti Endpoint Manager Mobile security settings.
  • Restrict network access to the affected system.
  • Monitor for suspicious activities.
Public PoC/Exploit Available at Github

CVE-2026-1340 has a 2 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2026-1340.

URL Resource
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2026-1340 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2026-1340 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
MehdiLeDeaut/CVE-2026-1281-Ivanti-EPMM-RCE

Proof of Concept for CVE-2026-1281 & CVE-2026-1340 - Ivanti EPMM Pre-Auth RCE via Bash Arithmetic Expansion

Shell Python

Updated: 1 week, 4 days ago
1 stars 0 fork 0 watcher
Born at : Feb. 7, 2026, 11:28 a.m. This repo has been linked 2 different CVEs too.
Profile Photo
Ashwesker/Ashwesker-CVE-2026-1281

CVE-2026-1281

Python

Updated: 2 weeks, 3 days ago
2 stars 0 fork 0 watcher
Born at : Feb. 1, 2026, 9:57 a.m. This repo has been linked 2 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2026-1340 vulnerability anywhere in the article.

  • CybersecurityNews
Critical Ivanti EPMM Zero-Day Vulnerabilities Exploited in The Wild Targeting Corporate Networks

Two critical zero-day vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) have emerged as a major threat to enterprise networks, with active exploitation campaigns targeting corporate infrastruct ... Read more

Published Date: Feb 18, 2026 (12 hours, 51 minutes ago)
  • The Cyber Express
Attackers Deploy Dormant Backdoors in Ivanti EPMM to Bypass Patching of Latest 0-Days

Threat actors weaponized two Ivanti zero-days so quickly that security teams discovered web shells already installed on servers—using arithmetic expansion in bash scripts to slip past authentication e ... Read more

Published Date: Feb 18, 2026 (23 hours, 55 minutes ago)
  • Daily CyberSecurity
“Dormant” Backdoors: Ivanti EPMM Zero-Days Exploited to Plant Long-Term Spies

Two critical zero-day vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) are currently being exploited in a widespread campaign to compromise enterprise networks across the globe. A new report f ... Read more

Published Date: Feb 18, 2026 (1 day, 7 hours ago)
  • CybersecurityNews
Single IP Dominates Exploitation Campaign Attacking Ivanti EPMM with RCE Vulnerability

Single IP Dominates Ivanti EPMM with RCE Vulnerability A critical remote code execution (RCE) flaw in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-1281, is being heavily exploited. GreyN ... Read more

Published Date: Feb 16, 2026 (2 days, 15 hours ago)
  • security.nl
NCSC publiceert verbeterd script voor detectie van gehackte Ivanti-servers

Het Nationaal Cyber Security Centrum (NCSC) heeft in samenwerking met Ivanti een verbeterd script gepubliceerd om gehackte Ivanti Endpoint Manager Mobile (EPMM) servers te detecteren en roept Nederlan ... Read more

Published Date: Feb 13, 2026 (5 days, 22 hours ago)
  • The Hacker News
83% of Ivanti EPMM Exploits Linked to Single IP on Bulletproof Hosting Infrastructure

A significant chunk of the exploitation attempts targeting a newly disclosed security flaw in Ivanti Endpoint Manager Mobile (EPMM) can be traced back to a single IP address on bulletproof hosting inf ... Read more

Published Date: Feb 12, 2026 (1 week ago)
  • CybersecurityNews
Massive Spike in Attacks Exploiting Ivanti EPMM Systems 0-day Vulnerability

Ivanti EPMM 0-day Vulnerability Exploited An unprecedented surge in exploitation attempts targeting CVE-2026-1281, a critical vulnerability in Ivanti Endpoint Manager Mobile (EPMM). On February 9, 202 ... Read more

Published Date: Feb 11, 2026 (1 week ago)
  • Help Net Security
Ivanti EPMM exploitation: Researchers warn of “sleeper” webshells

A massive wave of exploitation attempts has followed the disclosure of CVE-2026-1281, a critical pre-authentication Ivanti EPMM vulnerability, the Shadowserver Foundation has warned. Some of it is aut ... Read more

Published Date: Feb 11, 2026 (1 week ago)
  • Daily CyberSecurity
Sleeping with the Enemy: Dormant Backdoors Found in Ivanti EPMM

A stealthy new cyber espionage campaign is targeting Ivanti Endpoint Manager Mobile (EPMM), but unlike typical ransomware gangs that smash and grab, these attackers are planting seeds and walking away ... Read more

Published Date: Feb 11, 2026 (1 week, 1 day ago)
  • The Hacker News
Dutch Authorities Confirm Ivanti Zero-Day Exploit Exposed Employee Contact Data

The Netherlands' Dutch Data Protection Authority (AP) and the Council for the Judiciary confirmed both agencies (Rvdr) have disclosed that their systems were impacted by cyber attacks that exploited t ... Read more

Published Date: Feb 10, 2026 (1 week, 1 day ago)
  • The Cyber Express
European Commission Hit by Mobile Infrastructure Data Breach

The European Commission’s central infrastructure for managing mobile devices was hit by a cyberattack on January 30, the Commission has revealed. The announcement said the European Commission mobile c ... Read more

Published Date: Feb 09, 2026 (1 week, 2 days ago)
  • Hackread - Cybersecurity News, Data Breaches, AI and More
Cyber Attack Hits European Commission Staff Mobile Systems

Swift action by CERT-EU contained the breach within nine hours, linked to critical Ivanti software flaws (CVE-2026-1281 and CVE-2026-1340). The European Commission has confirmed that its central syste ... Read more

Published Date: Feb 09, 2026 (1 week, 2 days ago)
  • CybersecurityNews
Hackers Exploiting Ivanti EPMM Devices to Deploy Dormant Backdoors

Ivanti EPMM Devices Exploited Hackers are actively exploiting Ivanti Endpoint Manager Mobile (EPMM) appliances to plant “dormant” backdoors that can sit unused for days or weeks. Ivanti recently discl ... Read more

Published Date: Feb 09, 2026 (1 week, 2 days ago)
  • security.nl
NCSC: meerdere organisaties via kritiek Ivanti EPMM-lek gehackt

Aanvallers hebben meerdere organisaties via een kritieke kwetsbaarheid in Ivanti EPMM weten te hacken, zo laat het Nationaal Cyber Security Centrum (NCSC) vandaag weten. De Nederlandse overheidsinstan ... Read more

Published Date: Feb 09, 2026 (1 week, 2 days ago)
  • The Register
Dutch data watchdog snitches on itself after getting caught in Ivanti zero-day attacks

The Dutch Data Protection Authority (AP) says it was one of the many organizations popped when attackers raced to exploit recent Ivanti vulnerabilities as zero-days. Justice secretary Arno Rutte and s ... Read more

Published Date: Feb 09, 2026 (1 week, 2 days ago)
  • Help Net Security
European Commission hit by cyberattackers targeting mobile management platform

The European Commission’s mobile device management platform was hacked but the incident was swiftly contained and no compromise of mobile devices was detected, EU’s executive branch announced on Frida ... Read more

Published Date: Feb 09, 2026 (1 week, 2 days ago)
  • security.nl
Europese Commissie meldt mogelijk datalek na inbraak op beheersysteem

Aanvallers hebben ingebroken op een systeem dat de Europese Commissie gebruikt voor het beheer van mobiele apparaten van medewerkers, en daarbij is mogelijk ook informatie van personeel buitgemaakt, z ... Read more

Published Date: Feb 09, 2026 (1 week, 2 days ago)
  • security.nl
Autoriteit Persoonsgegevens en Raad voor de rechtspraak gehackt via Ivanti-lek

Aanvallers zijn erin geslaagd de Ivanti EPMM-server van de Autoriteit Persoonsgegevens (AP) en Raad voor de rechtspraak te hacken. In het geval van de AP hebben de aanvallers toegang gekregen tot werk ... Read more

Published Date: Feb 06, 2026 (1 week, 5 days ago)
  • security.nl
NCSC waarschuwt Ivanti EPMM-klanten: ga ervan uit dat je bent gehackt en meld je

Het Nationaal Cyber Security Centrum (NCSC) waarschuwt organisaties die gebruikmaken van Ivanti Endpoint Manager Mobile (EPMM) dat ze ervan moeten uitgaan dat hun EPMM-server is gehackt. Ook worden de ... Read more

Published Date: Feb 05, 2026 (1 week, 6 days ago)
  • The Cyber Express
IPIDEA Proxy Network Dismantled: Global Cybercrime and Botnet Risks Exposed

Researchers have found what they believe is one of the world’s largest residential proxy networks: the IPIDEA proxy operation. The action targeted a little-known but deeply embedded component of the o ... Read more

Published Date: Feb 03, 2026 (2 weeks, 2 days ago)

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2026-1340 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • New CVE Received by 3c1d8aa1-5a33-4ea4-8992-aadd6440af75

    Jan. 29, 2026

    Action Type Old Value New Value
    Added Description A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Added CWE CWE-94
    Added Reference https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
Base CVSS Score: 9.8
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact