Cyber Posture

CVE-2026-1340

Critical · CISA KEV · Active Exploitation · RCE

Published: 29 January 2026

Modified: 09 April 2026
KEV Added: 08 April 2026
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.7068 (98.7th percentile)
Risk Priority: 82 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-1340 is a critical-severity Code Injection (CWE-94) vulnerability in Ivanti Endpoint Manager Mobile. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 1.3% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190).
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) · AI

prevent: Mandates timely identification, reporting, and correction of software flaws like CVE-2026-1340 via patching to prevent unauthenticated remote code execution.

prevent: Enforces validation of information inputs to directly counter code injection vulnerabilities such as CVE-2026-1340 at network entry points.

detect: Requires vulnerability scanning to identify systems affected by CVE-2026-1340, enabling prioritized remediation before exploitation.

MITRE ATT&CK Enterprise Techniques · AI

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

CVE-2026-1340 enables unauthenticated remote code execution via code injection in a public-facing Ivanti EPMM server, directly facilitating T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Deeper analysis · AI

CVE-2026-1340 is a code injection vulnerability (CWE-94) affecting Ivanti Endpoint Manager Mobile (EPMM). Published on 2026-01-29, it enables unauthenticated remote code execution on vulnerable systems. The flaw carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its high impact across confidentiality, integrity, and availability.

Any network-accessible attacker can exploit CVE-2026-1340 without authentication, privileges, or user interaction, and with low attack complexity. Successful exploitation allows remote code execution, potentially compromising the EPMM server and enabling full control over the affected endpoint management infrastructure.

Ivanti's security advisory (covering CVE-2026-1281 and CVE-2026-1340) provides details on the issue for EPMM. The vulnerability is also listed in CISA's Known Exploited Vulnerabilities Catalog, urging federal agencies to patch promptly. Practitioners should review these advisories for available patches and mitigation guidance.

Its inclusion in CISA's KEV catalog indicates real-world exploitation is occurring.

Details

CWE(s): CWE-94
KEV Date Added: 08 April 2026

Affected Products

ivanti · endpoint manager mobile · ≤ 12.7.0.0

CVEs Like This One

CVE-2026-1281 · Same product: Ivanti Endpoint Manager Mobile · both on KEV
CVE-2026-6973 · Same product: Ivanti Endpoint Manager Mobile · both on KEV
CVE-2026-7821 · Same product: Ivanti Endpoint Manager Mobile
CVE-2026-5787 · Same product: Ivanti Endpoint Manager Mobile
CVE-2026-5788 · Same product: Ivanti Endpoint Manager Mobile
CVE-2026-5786 · Same product: Ivanti Endpoint Manager Mobile
CVE-2025-0282 · Same vendor: Ivanti · both on KEV
CVE-2024-10644 · Same vendor: Ivanti
CVE-2026-1603 · Same vendor: Ivanti · both on KEV
CVE-2025-6204 · Shared CWE-94 · both on KEV
