In November 2025, Ivantirolled out fixesfor two of the bugs, both high-severity weaknesses, and has now releasedpatchesfor the remaining flaws.The company says it is not aware of any of these vulnerabilities being exploited in the wild, but users are advised to update to EPM 2024 SU5 as soon as possible.As Ivanti warned in October, EPM version 2022 has reached End of Life (EOL) and is no longer receiving security updates. Users should migrate to a supported EPM version.On Tuesday, Ivanti also updated its advisory for two recently disclosed Endpoint Manager Mobile (EPMM) vulnerabilities thathave been exploited as zero-days.Tracked as CVE-2026-1281 and CVE-2026-1340 (CVSS score of 9.8) and leading to unauthenticated remote code execution (RCE), they were exploited to deploy web shells and reverse shells for persistence, Ivanti said in late January.Last week, the company updated itsadvisoryto include indicators of compromise (IoCs) and a detection script, and has now included guidance on false positives.Related:Fortinet Patches High-Severity VulnerabilitiesRelated:6 Actively Exploited Zero-Days Patched by Microsoft With February 2026 UpdatesRelated:SAP Patches Critical CRM, S/4HANA, NetWeaver VulnerabilitiesRelated:Ivanti EPM Update Patches Critical Remote Code Execution Flaw
The company says it is not aware of any of these vulnerabilities being exploited in the wild, but users are advised to update to EPM 2024 SU5 as soon as possible.As Ivanti warned in October, EPM version 2022 has reached End of Life (EOL) and is no longer receiving security updates. Users should migrate to a supported EPM version.On Tuesday, Ivanti also updated its advisory for two recently disclosed Endpoint Manager Mobile (EPMM) vulnerabilities thathave been exploited as zero-days.Tracked as CVE-2026-1281 and CVE-2026-1340 (CVSS score of 9.8) and leading to unauthenticated remote code execution (RCE), they were exploited to deploy web shells and reverse shells for persistence, Ivanti said in late January.Last week, the company updated itsadvisoryto include indicators of compromise (IoCs) and a detection script, and has now included guidance on false positives.Related:Fortinet Patches High-Severity VulnerabilitiesRelated:6 Actively Exploited Zero-Days Patched by Microsoft With February 2026 UpdatesRelated:SAP Patches Critical CRM, S/4HANA, NetWeaver VulnerabilitiesRelated:Ivanti EPM Update Patches Critical Remote Code Execution Flaw
As Ivanti warned in October, EPM version 2022 has reached End of Life (EOL) and is no longer receiving security updates. Users should migrate to a supported EPM version.On Tuesday, Ivanti also updated its advisory for two recently disclosed Endpoint Manager Mobile (EPMM) vulnerabilities thathave been exploited as zero-days.Tracked as CVE-2026-1281 and CVE-2026-1340 (CVSS score of 9.8) and leading to unauthenticated remote code execution (RCE), they were exploited to deploy web shells and reverse shells for persistence, Ivanti said in late January.Last week, the company updated itsadvisoryto include indicators of compromise (IoCs) and a detection script, and has now included guidance on false positives.Related:Fortinet Patches High-Severity VulnerabilitiesRelated:6 Actively Exploited Zero-Days Patched by Microsoft With February 2026 UpdatesRelated:SAP Patches Critical CRM, S/4HANA, NetWeaver VulnerabilitiesRelated:Ivanti EPM Update Patches Critical Remote Code Execution Flaw
On Tuesday, Ivanti also updated its advisory for two recently disclosed Endpoint Manager Mobile (EPMM) vulnerabilities thathave been exploited as zero-days.Tracked as CVE-2026-1281 and CVE-2026-1340 (CVSS score of 9.8) and leading to unauthenticated remote code execution (RCE), they were exploited to deploy web shells and reverse shells for persistence, Ivanti said in late January.Last week, the company updated itsadvisoryto include indicators of compromise (IoCs) and a detection script, and has now included guidance on false positives.Related:Fortinet Patches High-Severity VulnerabilitiesRelated:6 Actively Exploited Zero-Days Patched by Microsoft With February 2026 UpdatesRelated:SAP Patches Critical CRM, S/4HANA, NetWeaver VulnerabilitiesRelated:Ivanti EPM Update Patches Critical Remote Code Execution Flaw
Tracked as CVE-2026-1281 and CVE-2026-1340 (CVSS score of 9.8) and leading to unauthenticated remote code execution (RCE), they were exploited to deploy web shells and reverse shells for persistence, Ivanti said in late January.Last week, the company updated itsadvisoryto include indicators of compromise (IoCs) and a detection script, and has now included guidance on false positives.Related:Fortinet Patches High-Severity VulnerabilitiesRelated:6 Actively Exploited Zero-Days Patched by Microsoft With February 2026 UpdatesRelated:SAP Patches Critical CRM, S/4HANA, NetWeaver VulnerabilitiesRelated:Ivanti EPM Update Patches Critical Remote Code Execution Flaw
Last week, the company updated itsadvisoryto include indicators of compromise (IoCs) and a detection script, and has now included guidance on false positives.Related:Fortinet Patches High-Severity VulnerabilitiesRelated:6 Actively Exploited Zero-Days Patched by Microsoft With February 2026 UpdatesRelated:SAP Patches Critical CRM, S/4HANA, NetWeaver VulnerabilitiesRelated:Ivanti EPM Update Patches Critical Remote Code Execution Flaw
Related:Fortinet Patches High-Severity VulnerabilitiesRelated:6 Actively Exploited Zero-Days Patched by Microsoft With February 2026 UpdatesRelated:SAP Patches Critical CRM, S/4HANA, NetWeaver VulnerabilitiesRelated:Ivanti EPM Update Patches Critical Remote Code Execution Flaw
Related:6 Actively Exploited Zero-Days Patched by Microsoft With February 2026 UpdatesRelated:SAP Patches Critical CRM, S/4HANA, NetWeaver VulnerabilitiesRelated:Ivanti EPM Update Patches Critical Remote Code Execution Flaw
Related:SAP Patches Critical CRM, S/4HANA, NetWeaver VulnerabilitiesRelated:Ivanti EPM Update Patches Critical Remote Code Execution Flaw
Related:Ivanti EPM Update Patches Critical Remote Code Execution Flaw
Source: SecurityWeek
