Ivanti EPMM remote code execution

Added: 02/02/2026
CVE: CVE-2026-1281

Background

Ivanti Endpoint Manager Mobile, formerly MobileIron Core, is a security and Unified Endpoint Management (UEM) tool.

Problem

A command injection vulnerability in Ivanti EPMM could allow an unauthenticated attacker to execute arbitrary commands by sending a specially crafted GET request.

Resolution

Apply RPM 12.x.0.x or 12.x.1.x as instructed in the Ivanti Security Advisory.

References

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340
https://forums.ivanti.com/s/article/Analysis-Guidance-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340?language=en_US
https://labs.watchtowr.com/someone-knows-bash-far-too-well-and-we-love-it-ivanti-epmm-pre-auth-rces-cve-2026-1281-cve-2026-1340/

Platforms

Ivanti

Back to exploit index