**U.S. CISA Adds Ivanti EPMM Flaw to Known Exploited Vulnerabilities Catalog**

**A Critical Vulnerability in Ivanti EPMM Exposed: What You Need to Know**

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has taken swift action to address a critical vulnerability in Ivanti Endpoint Manager Mobile (EPMM). The agency has added the flaw, tracked as CVE-2026-1281, to its Known Exploited Vulnerabilities (KEV) catalog, highlighting the urgent need for patching and remediation.

The vulnerability, which carries a CVSS score of 9.8, is a code injection that allows an unauthenticated attacker to achieve remote code execution. This means that even without prior access or authentication, an attacker can exploit this flaw to gain unauthorized control over the affected system.

"A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution," reads the advisory issued by CISA. The agency has emphasized the severity of the vulnerability and the potential for widespread exploitation.

Notably, Ivanti EPMM is not the only product affected; Sentry and Ivanti Neurons for MDM are also impacted, although cloud customers remain unaffected. However, it is essential to note that this distinction does not diminish the importance of addressing the vulnerability in all its forms.

**Ivanti's Response: Investigation Ongoing**

Ivanti has confirmed that they are aware of a limited number of customer exploits and are actively investigating the matter. Although no reliable indicators of compromise have been shared yet, technical guidance is being provided to affected customers.

"We are aware of a very limited number of customers who have been exploited at the time of disclosure," Ivanti stated in their advisory. The company has released a patch, expanded customer support, and is collaborating with security partners and law enforcement to mitigate the situation.

**A Call to Action: Addressing the Vulnerability**

As part of its Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies are required to address the identified vulnerabilities by February 2, 2026. This deadline underscores the urgency for federal agencies to prioritize patching and remediation.

Experts recommend that private organizations review the CISA KEV catalog and address the vulnerabilities in their infrastructure to prevent potential attacks. With the release of this critical vulnerability, it is imperative for all affected parties to take immediate action to mitigate the risk of exploitation.

**US CISA's Guidance: A Call to Action**

U.S. CISA has published an alert related to this flaw titled "Fortinet Releases Guidance to Address Ongoing Exploitation of Authentication Bypass Vulnerability CVE-2026-24858." This serves as a clear reminder for all stakeholders to prioritize vulnerability management and take proactive measures to protect their networks.

As the cybersecurity landscape continues to evolve, it is essential for organizations to stay informed about emerging threats and vulnerabilities. By addressing this critical flaw in Ivanti EPMM, we can collectively reduce the risk of attacks and ensure a safer digital environment for all.