Signal

Ivanti patches exploited EPMM zero-days (CVE-2026-1281, CVE-2026-1340)

Evidence first: scan the strongest sources, then decide whether to go deeper.

Published 2026-01-30 16:14 UTCUpdated 2026-01-30 22:01 UTC

rss

cvezero_dayexploited_in_the_wildmobile_device_managemententerprise_securitypatching

Source links open

Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.

Back Evidence (2)Get the free brief by email Start free trial

No card needed for the free brief.

Evidence trail (top sources)

top sources (2 domains)

2 top sources shown

January blues return as Ivanti coughs up exploited EPMM zero-days

theregister_security · News · go.theregister.com · 2026-01-30 22:01 UTC

Critical Ivanti Endpoint Manager Mobile (EPMM) zero-day exploited in the wild (CVE-2026-1281 & CVE-2026-1340)

Rapid7 Blog · News · rapid7.com · 2026-01-30 16:14 UTC

limited source diversity in top sources

View all evidence

Overview

Ivanti disclosed and patched two critical zero-day vulnerabilities in Endpoint Manager Mobile (EPMM): CVE-2026-1281 and CVE-2026-1340. Rapid7 reports Ivanti indicated exploitation occurred prior to disclosure, and notes CISA added CVE-2026-1281 to its KEV catalog with a near-term remediation deadline.

Entities

IvantiCISAEndpoint Manager Mobile (EPMM)Known Exploited Vulnerabilities (KEV) Catalog

Score total

Momentum 24h

Posts

Origins

Source types

Duplicate ratio

Why now

Ivanti disclosed the issues on Jan 29, 2026.
CISA quickly added CVE-2026-1281 to KEV with a Feb 1, 2026 due date.
Reporting indicates exploitation is already underway.

Why it matters

Exploitation was reported before disclosure, raising immediate compromise risk.
CISA KEV inclusion signals active threat and accelerates remediation timelines.
EPMM is enterprise-facing; unpatched systems may expose managed devices and networks.

LLM analysis

Topic mix: lowPromo risk: lowSource quality: high

Recurring claims

Ivanti disclosed two critical EPMM vulnerabilities (CVE-2026-1281 and CVE-2026-1340), with exploitation reported prior to disclosure.
CVE-2026-1281 was added to CISA’s KEV catalog with a short remediation deadline (Due Feb 1, 2026).

How sources frame it

Rapid7: neutral
The Register: neutral

Two sources report Ivanti EPMM critical zero-days, with at least one confirmed exploited in the wild and rapid remediation pressure.

All evidence

January blues return as Ivanti coughs up exploited EPMM zero-days

theregister_security · go.theregister.com · 2026-01-30 22:01 UTC

Critical Ivanti Endpoint Manager Mobile (EPMM) zero-day exploited in the wild (CVE-2026-1281 & CVE-2026-1340)

Rapid7 Blog · rapid7.com · 2026-01-30 16:14 UTC

Show filters & breakdown

Posts loaded: 0Publishers: 2Origin domains: 2Duplicates: -

Platform

Publisher

Origin domain

Relevance tier

Duplicates only

Showing 2 / 0

Top publishers (this list)

theregister_security (1)
Rapid7 Blog (1)

Top origin domains (this list)

go.theregister.com (1)
rapid7.com (1)