CVE-2026-1340

Summary

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Affected Software

VendorProductVersion RangeStatus
IvantiEndpoint Manager Mobile12.x.1.x RPMunaffected
IvantiEndpoint Manager Mobile12.x.0.x RPMunaffected

Weaknesses

  • CWE-94: CWE-94 Improper Control of Generation of Code ('Code Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: yes
    • Technical Impact: total

Additional References

References