On January 29, 2026, Ivanti released fixes for two critical zero-day code injection vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM). The vulnerabilities, tracked as CVE-2026-1281 and CVE-2026-1340,?impact?the In-House Application Distribution and Android File Transfer Configuration features and allow unauthenticated remote threat actors to achieve remote code execution. Ivanti has?stated?that they have?observed?exploitation of these vulnerabilities in customer environments but?have?not?disclosed?further details.?
At the time of writing, Arctic Wolf has not?identified?a publicly available proof-of-concept?(PoC)?exploit. However, these vulnerabilities are likely to be further targeted by threat actors, as successful exploitation can enable deployment of web shells or reverse shells to?establish?persistence on compromised appliances. Historically, similar EPMM vulnerabilities have been exploited in this manner, and Ivanti products have been frequent targets in recent years, as reflected in CISA¡¯s Known Exploited Vulnerabilities catalog.?
Recommendation for CVE-2026-1281 and CVE-2026-1340
Upgrade to Latest Fixed Version
Arctic Wolf strongly recommends that customers upgrade to the latest fixed version.?
| Product? | Affected Version? | Fixed Version? |
| Ivanti Endpoint Manager Mobile (EPMM)? |
|
?? |
|
? |
Ivanti has?stated?that?these vulnerabilities do not?impact?any other Ivanti products, including any cloud products, such as Ivanti Neurons for MDM. Ivanti Endpoint Manager (EPM) is a different product?and?not?impacted?by these vulnerabilities. Customers using an Ivanti cloud product with Sentry are also not impacted.???
Note:?If you upgrade your appliance after applying the RPM script, you will need to reinstall the RPM. A permanent fix for this vulnerability will be included in the next product release (12.8.0.0).?
Please follow your organization’s patching and testing guidelines to minimize potential operational impact.?
