Critical Vulnerabilities in Ivanti Endpoint Manager Mobile Exploited in the Wild

On January 30, 2026, the French Computer Emergency Response Team (CERT-FR) reported several vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM). The identified flaws, CVE-2026-1281 and CVE-2026-1340, allow for remote arbitrary code execution. Ivanti has confirmed that these vulnerabilities are being actively exploited. No additional technical details regarding the exploitation mechanisms or affected versions are provided in the advisory.