Critical Vulnerabilities in Ivanti EPMM Exploited
Essential information
- Published
- 18/02/2026 02:31
- Modified
- 18/02/2026 12:10
- Tags
- 2026-02-18 CVE-2026-1281 CVE-2026-1340 epmm ivanti mobile device management reconnaissance remote code execution reverse shell web shell zero-day
- Related entities
- 2 vulnerabilities (cve), 17 observables, 8 techniques (mitre), 13 others
Description
Two critical zero-day vulnerabilities (CVE-2026-1281 and CVE-2026-1340) in Ivanti Endpoint Manager Mobile are being actively exploited, allowing unauthenticated remote code execution on servers. Widespread exploitation has been observed, including reverse shells, web shells, reconnaissance, and malware downloads. Affected sectors include government, healthcare, manufacturing, and technology in multiple countries. Over 4,400 vulnerable instances have been identified. Attackers are moving quickly from initial access to deploying persistent backdoors. Immediate patching is strongly recommended, as exploitation attempts are largely automated and opportunistic.