U.S. CISA Adds Critical Ivanti EPMM Vulnerability to Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability affecting Ivanti EPMM (Endpoint Manager Mobile), identified as CVE-2026-1281 with a CVSS score of 9.8, to its Known Exploited Vulnerabilities (KEV) catalog. This flaw is a code injection vulnerability impacting Ivanti EPMM versions. No specific date of addition or details about attacks exploiting this vulnerability have been provided. The decision aligns with the agency's efforts to catalog actively exploited flaws.