CISA Mandates Urgent Patch for Exploited Ivanti EPMM Flaw

Federal agencies are under the gun, facing a tight deadline to patch a critical vulnerability in Ivanti Endpoint Manager Mobile (EPMM). CISA has added CVE-2026-1340 to its Known Exploited Vulnerabilities (KEV) catalog, demanding federal civilian executive branch (FCEB) agencies secure their systems by midnight Saturday. This critical code injection flaw, exploited in the wild since January, allows unauthenticated attackers to achieve remote code execution on exposed EPMM appliances.

Ivanti itself flagged this bug, along with CVE-2026-1281, as zero-day threats back in late January, pushing out updates and strongly urging customers to apply them immediately. The company acknowledged then that a limited number of customers had already fallen victim. The Shadowserver Foundation is currently tracking nearly 950 internet-facing Ivanti EPMM instances, with a significant portion located in Europe and North America, though the patch status for these systems remains unknown.

What This Means For You

  • Given CISA's directive and the fact that this Ivanti EPMM vulnerability has been actively exploited, organizations should immediately verify the patch status of all Ivanti EPMM instances and prioritize remediation for any unpatched systems exposed to the internet.