Description
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
Published: 2026-01-29
Score: 9.8 Critical
EPSS: 65.9% High
KEV: Yes
Impact: n/a
Action: n/a
AI Analysis

Impact

Ivanti Endpoint Manager Mobile contains a code injection flaw that allows attackers to inject arbitrary code and execute it without authentication. This flaw is classified as CWE-94, indicating that the application fails to properly validate or sanitize input before using it in a code context. Because unauthenticated users can trigger code execution, a malicious actor who can reach the vulnerable component can run arbitrary code on the targeted system.

Affected Systems

The affected product is Ivanti Endpoint Manager Mobile. No specific version information is supplied, so any deployment of this product is considered potentially vulnerable until a detailed assessment confirms otherwise.

Risk and Exploitability

The CVSS score of 9.8 signifies critical severity, and the EPSS score of 66% indicates a high likelihood of exploitation in the general population. The vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, indicating that active exploitation has been observed. Based on the description, the attack vector is inferred to be through the mobile endpoint, likely via in‑app requests or API calls, and does not require prior authentication. An attacker can exploit the flaw by sending a crafted payload that is executed on the server, leading to remote code execution and full compromise of the system.

Generated by OpenCVE AI on May 22, 2026 at 15:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑issued patch or upgrade to the latest Ivanti Endpoint Manager Mobile release that addresses the code‑injection flaw.
  • Reconfigure the application to enforce authenticated access for all API endpoints that accept payloads and disable any unneeded remote‑code‑execution interfaces.
  • Implement comprehensive logging and monitoring on the Endpoint Manager Mobile server to detect anomalous request patterns and alert on potential exploitation attempts.


Advisories

No advisories yet.

History

Fri, 22 May 2026 16:00:00 +0000

Type Values Removed Values Added
Title Unauthenticated Remote Code Execution in Ivanti Endpoint Manager Mobile

Sat, 16 May 2026 15:30:00 +0000

Type Values Removed Values Added
Title Unauthenticated Remote Code Execution in Ivanti Endpoint Manager Mobile

Fri, 15 May 2026 15:30:00 +0000

Type Values Removed Values Added
Title Unauthenticated Code Injection in Ivanti Endpoint Manager Mobile Enables Remote Execution

Thu, 14 May 2026 15:15:00 +0000

Type Values Removed Values Added
Title Unauthenticated Code Injection in Ivanti Endpoint Manager Mobile Enables Remote Execution

Tue, 12 May 2026 16:00:00 +0000

Type Values Removed Values Added
Title Remote Code Injection in Ivanti Endpoint Manager Mobile

Mon, 11 May 2026 18:30:00 +0000

Type Values Removed Values Added
Title Remote Code Injection in Ivanti Endpoint Manager Mobile

Sun, 10 May 2026 15:30:00 +0000

Type Values Removed Values Added
Title Unauthenticated Remote Code Execution in Ivanti Endpoint Manager Mobile

Sat, 09 May 2026 15:30:00 +0000

Type Values Removed Values Added
Title Unauthenticated Remote Code Execution in Ivanti Endpoint Manager Mobile

Fri, 08 May 2026 17:00:00 +0000

Type Values Removed Values Added
Title Unauthenticated Remote Code Execution via Code Injection in Ivanti Endpoint Manager Mobile

Sat, 02 May 2026 01:15:00 +0000

Type Values Removed Values Added
Title Unauthenticated Remote Code Execution via Code Injection in Ivanti Endpoint Manager Mobile

Wed, 29 Apr 2026 22:00:00 +0000

Type Values Removed Values Added
Title Unauthenticated Remote Code Execution in Ivanti Endpoint Manager Mobile via Code Injection

Wed, 29 Apr 2026 01:15:00 +0000

Type Values Removed Values Added
Title Unauthenticated Remote Code Execution in Ivanti Endpoint Manager Mobile via Code Injection

Tue, 28 Apr 2026 10:00:00 +0000

Type Values Removed Values Added
Title Unauthenticated Remote Code Execution in Ivanti Endpoint Manager Mobile via Code Injection

Wed, 22 Apr 2026 06:30:00 +0000

Type Values Removed Values Added
Title Unauthenticated Remote Code Execution in Ivanti Endpoint Manager Mobile via Code Injection

Sat, 18 Apr 2026 01:45:00 +0000

Type Values Removed Values Added
Title Unauthenticated Remote Code Execution via Code Injection in Ivanti Endpoint Manager Mobile

Wed, 15 Apr 2026 18:15:00 +0000

Type Values Removed Values Added
Title Unauthenticated Remote Code Execution via Code Injection in Ivanti Endpoint Manager Mobile

Wed, 08 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
References
Metrics
Values Removed: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}
Values Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 08 Apr 2026 17:45:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2026-04-08T00:00:00+00:00', 'dueDate': '2026-04-11T00:00:00+00:00'}


Fri, 20 Feb 2026 20:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*

Fri, 30 Jan 2026 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Ivanti
Ivanti endpoint Manager Mobile
Vendors & Products Ivanti
Ivanti endpoint Manager Mobile

Thu, 29 Jan 2026 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 29 Jan 2026 22:00:00 +0000

Type Values Removed Values Added
Description A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
Weaknesses CWE-94
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: ivanti

Published:

Updated: 2026-04-09T03:55:54.081Z

Reserved: 2026-01-22T14:59:56.988Z

Link: CVE-2026-1340

Vulnrichment

Updated: 2026-01-29T22:07:06.086Z

NVD

Status: Analyzed

Published: 2026-01-29T22:15:53.313

Modified: 2026-04-09T14:03:31.767

Link: CVE-2026-1340

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-22T15:45:16Z

Weaknesses