Serial number: AV26-068
Date: January 29, 2026
Updated: April 8, 2026
On January 29, 2026, Ivanti published a security advisory to address critical vulnerabilities in the following product:
- Ivanti Endpoint Manager Mobile (EPMM) – version 12.5.0.0 and prior, 12.6.0.0 and prior, 12.7.0.0 and prior, version 12.5.1.0 and prior and 12.6.1.0 and prior
Update 1
On January 29, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-1281 to their Known Exploited Vulnerabilities (KEV) Database.
Update 2
On April 8, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-1340 to their Known Exploited Vulnerabilities (KEV) Database.
Ivanti has stated that vulnerabilities CVE-2026-1281 & CVE-2026-1340 have been exploited in the wild.
The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.
