Signal
Ivanti patches critical EPMM flaws; CVE-2026-1281 confirmed exploited and added to CISA KE
Published 2026-01-30 04:43 UTC · Updated 2026-01-30 16:14 UTC
cves, exploited_in_the_wild, zero_day, ivanti, mobile_device_management, patching
Evidence trail (top sources)
Top sources (2 domains). Domains are deduped. Counts indicate coverage, not truth. 2 top sources shown.
Limited source diversity in top sources.
Overview
Ivanti disclosed and patched two critical Ivanti Endpoint Manager Mobile (EPMM) vulnerabilities (CVE-2026-1281 and CVE-2026-1340) described as code injection issues. Reporting indicates exploitation occurred prior to disclosure, with CVE-2026-1281 confirmed exploited in the wild and subsequently added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, increasing urgency for organizations running EPMM to apply updates and assess exposure.
Entities
- Ivanti
- CISA
- Ivanti Endpoint Manager Mobile (EPMM)
- Known Exploited Vulnerabilities (KEV) catalog
- Score total: 1.02
- Momentum 24h: 2
- Posts: 2
- Origins: 2
- Source types: 1
- Duplicate ratio: 0%
Why now
- Ivanti disclosed the issues and released updates (reported Jan 29, 2026)
- CISA added CVE-2026-1281 to the KEV catalog shortly after disclosure
- Multiple outlets are flagging active exploitation and patch availability
Why it matters
- Confirmed exploitation raises immediate compromise risk for unpatched EPMM deployments
- KEV inclusion is a strong signal to prioritize remediation
- Code injection flaws can enable remote compromise in affected environments
LLM analysis
Topic mix: low · Promo risk: low · Source quality: high
Recurring claims
- Ivanti disclosed and released updates for two critical EPMM vulnerabilities: CVE-2026-1281 and CVE-2026-1340.
- CVE-2026-1281 is confirmed exploited in the wild and was added to CISA’s KEV catalog shortly after disclosure.
- Both CVEs are described as code injection issues; Rapid7 notes it is unclear whether CVE-2026-1340 was also exploited in the wild.
How sources frame it
- Rapid7 Blog: neutral
- The Hacker News: neutral
Both sources report active exploitation and KEV inclusion; treat CVE-2026-1340 exploitation status as unclear per Rapid7.
All evidence
Critical Ivanti Endpoint Manager Mobile (EPMM) zero-day exploited in the wild (CVE-2026-1281 & CVE-2026-1340)
Rapid7 Blog · rapid7.com · 2026-01-30 16:14 UTC
Two Ivanti EPMM Zero-Day RCE Flaws Actively Exploited, Security Updates Released
The Hacker News · thehackernews.com · 2026-01-30 04:43 UTC
Posts loaded: 0 · Publishers: 2 · Origin domains: 2 · Duplicates: -
Top publishers (this list)
- Rapid7 Blog (1)
- The Hacker News (1)
Top origin domains (this list)
- rapid7.com (1)
- thehackernews.com (1)