Summary: CISA has added CVE-2026-1281 to the Known Exploited Vulnerabilities (KEV) catalog. This critical flaw in Ivanti Endpoint Manager Mobile (EPMM) allows unauthenticated code injection. Active exploitation has been detected in the wild, primarily targeting government and high-value corporate mobile fleets.
Business Impact: Critical. Because EPMM manages mobile device policy and access, a compromise of the appliance allows an attacker to push malicious apps or configurations to every managed smartphone in the organization, bypassing all mobile security controls.
Why It Happened: Improper input validation in the administrative API allows attackers to inject commands that are executed with system-level privileges on the management appliance.
Recommended Executive Action: Patch Ivanti EPMM instances within 24 hours. For clients in the GCC, isolate the management interface from the public internet and verify that no unauthorized administrative accounts were created in the last 48 hours.
Hashtags: #Ivanti #CISA #KEV #MobileSecurity #EPMM #ZeroDay #ThreatIntel
