CISA Mandates Urgent Patch for Exploited Ivanti EPMM Flaw

Federal agencies are under the gun, facing a tight deadline to patch a critical vulnerability in Ivanti Endpoint Manager Mobile (EPMM). CISA has added CVE-2026-1340 to its Known Exploited Vulnerabilities (KEV) catalog, demanding federal civilian executive branch (FCEB) agencies secure their systems by midnight Saturday. This critical code injection flaw, exploited in the wild since January, allows unauthenticated attackers to achieve remote code execution on exposed EPMM appliances.

Ivanti itself flagged this bug, along with CVE-2026-1281, as zero-day threats back in late January, pushing out updates and strongly urging customers to apply them immediately. The company acknowledged then that a limited number of customers had already fallen victim. The Shadowserver Foundation is currently tracking nearly 950 internet-facing Ivanti EPMM instances, with a significant portion located in Europe and North America, though the patch status for these systems remains unknown.