Two Ivanti EPMM zero-day RCE flaws (actively exploited)
Ivanti released fixes for two actively exploited zero-day RCE vulnerabilities in Endpoint Manager Mobile (EPMM), including CVE-2026-1281, now in CISA’s KEV. Impacted versions and mitigations are detailed in the vendor bulletin and related advisories; exploitation has been observed in the wild. Admins should patch urgently, restrict management interfaces, monitor logs for suspicious activity, and consider short-term mitigations if patching is delayed.
Mobile device management shouldn’t be your weakest link. Ivanti has issued updates for two actively exploited RCE flaws in EPMM, including CVE-2026-1281 (now on CISA’s KEV list). Attackers are racing defenders; don’t leave management consoles exposed.
Immediate steps:
• Patch to the fixed builds as per Ivanti’s bulletin.
• Restrict access to EPMM admin interfaces (VPN/allowlist only).
• Log review: look for unusual admin sessions, configuration changes, and outbound connections.
• Segmentation: ensure EPMM can’t reach where it shouldn’t.
If you can’t patch today: disable unneeded modules, put the console behind a VPN, and monitor aggressively for exploitation attempts until maintenance windows open. RCE on your MDM platform is a red carpet for device-wide compromise.
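One way to check that the VPN/allowlist restriction on the admin interface is actually holding, and to surface unusual admin sessions during log review (an added example, not code from Ivanti or the original post). It assumes a reverse proxy in front of the console writing combined-format access logs; the admin path prefix is a placeholder, and the allowlist ranges and log lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Assumptions (not from Ivanti or the original post): combined-format proxy
# logs; ADMIN_PREFIX is a placeholder for where your admin interface is served.
ADMIN_PREFIX = "/ADMIN-PATH-PLACEHOLDER/"
ALLOWLIST = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "192.0.2.10/32")]

LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def audit_admin_access(lines, allowlist=ALLOWLIST, prefix=ADMIN_PREFIX):
    """Map each non-allowlisted source IP to its admin-interface requests as
    (timestamp, method, path, status) tuples."""
    findings = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not m["path"].startswith(prefix):
            continue  # unparsable line, or not an admin request
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # client field is a hostname or malformed
        if not any(src in net for net in allowlist):
            findings[str(src)].append(
                (m["ts"], m["method"], m["path"], int(m["status"])))
    return dict(findings)

def sources_not_blocked(findings):
    """Outside sources that got a non-error response: the restriction failed."""
    return sorted(ip for ip, hits in findings.items()
                  if any(status < 400 for *_, status in hits))

# Constructed sample log lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '10.20.0.15 - admin [01/Feb/2026:09:12:01 +0000] "GET /ADMIN-PATH-PLACEHOLDER/login HTTP/1.1" 200 5120',
    '203.0.113.45 - - [01/Feb/2026:09:13:10 +0000] "GET /ADMIN-PATH-PLACEHOLDER/login HTTP/1.1" 403 162',
    '198.51.100.7 - - [01/Feb/2026:09:14:30 +0000] "POST /ADMIN-PATH-PLACEHOLDER/config HTTP/1.1" 200 734',
    '198.51.100.7 - - [01/Feb/2026:09:14:31 +0000] "GET /public/index.html HTTP/1.1" 200 2048',
    '192.0.2.10 - admin [01/Feb/2026:09:15:00 +0000] "GET /ADMIN-PATH-PLACEHOLDER/users HTTP/1.1" 200 880',
]

if __name__ == "__main__":
    found = audit_admin_access(SAMPLE_LOG)
    for ip, hits in found.items():
        print(ip, hits)
    print("answered, not refused:", sources_not_blocked(found))
```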