Sign in Subscribe

← All advisories

Unrated severityCISA KEVNVD Advisory· Published Jan 29, 2026· Updated Feb 26, 2026

CVE-2026-1281

CVE-2026-1281

Description

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Affected products

1

Ivanti/Endpoint Manager Mobilev5
Range: 12.x.1.x RPM

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340mitre

News mentions

5

CISA gives feds four days to patch Ivanti flaw exploited as zero-day
BleepingComputer · May 8, 2026
Ivanti EPMM vulnerability exploited in zero-day attacks (CVE-2026-6973)
Help Net Security · May 8, 2026
Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks
SecurityWeek · May 8, 2026
Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access
The Hacker News · May 7, 2026
Ivanti warns of new EPMM flaw exploited in zero-day attacks
BleepingComputer · May 7, 2026