Description
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
Published: 2026-01-29
Score: 9.8 Critical
EPSS: 71.8% High
KEV: Yes
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

A code injection flaw in Ivanti Endpoint Manager Mobile allows attackers to execute arbitrary code without requiring authentication. The vulnerability is a classic code injection (CWE-94) that can be leveraged to run malicious commands on the device or server hosting the application, potentially compromising confidentiality, integrity, and availability of managed endpoints.

Affected Systems

The affected product is Ivanti Endpoint Manager Mobile. The vulnerability manifests in multiple releases, including version 12.5.1.0 and all subsequent 12.6.x and 12.7.x releases such as 12.6.0.0, 12.6.1.0, and 12.7.0.0.

Risk and Exploitability

The CVSS v3.1 score of 9.8 indicates critical severity, and the EPSS score of 72% signals a high likelihood of exploitation. The vulnerability is listed in the CISA Known Exploited Vulnerabilities catalog, underscoring its real‑world impact. Attackers can exploit the flaw remotely, without prior authentication, to achieve arbitrary code execution on affected instances. Consequently, the risk is immediate and severe for organizations running the impacted versions.

Generated by OpenCVE AI on April 18, 2026 at 01:19 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Ivanti Endpoint Manager Mobile to a version that has patched the code injection vulnerability.
  • If an immediate upgrade is not feasible, temporarily disable any exposed interfaces or features that allow remote code execution until a patch is applied.
  • Employ network segmentation or firewall rules to restrict external traffic to the Endpoint Manager Mobile servers, minimizing the attack surface.
  • Continuously monitor system logs for anomalous activity indicative of exploitation attempts.

Advisories

No advisories yet.

History

Sat, 18 Apr 2026 01:45:00 +0000

Type Values Removed Values Added
Title Unauthenticated Remote Code Execution via Code Injection in Ivanti Endpoint Manager Mobile

Fri, 30 Jan 2026 13:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager_mobile:12.5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager_mobile:12.6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager_mobile:12.6.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager_mobile:12.7.0.0:*:*:*:*:*:*:*

Fri, 30 Jan 2026 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Ivanti
Ivanti endpoint Manager Mobile
Vendors & Products Ivanti
Ivanti endpoint Manager Mobile

Thu, 29 Jan 2026 22:15:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 29 Jan 2026 22:00:00 +0000

Type Values Removed Values Added
Description A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
Weaknesses CWE-94
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

kev

{'dateAdded': '2026-01-29T00:00:00+00:00', 'dueDate': '2026-02-01T00:00:00+00:00'}


MITRE

Status: PUBLISHED

Assigner: ivanti

Published:

Updated: 2026-02-26T15:04:43.985Z

Reserved: 2026-01-21T03:38:00.740Z

Link: CVE-2026-1281

Vulnrichment

Updated: 2026-01-29T21:59:55.303Z

NVD

Status: Analyzed

Published: 2026-01-29T22:15:53.140

Modified: 2026-01-30T13:28:18.610

Link: CVE-2026-1281

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T01:30:16Z

Weaknesses