Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202601-00000028

[Content Description]
Ivanti Endpoint Manager Mobile (EPMM) is a mobile device management solution that centrally manages iOS, Android, macOS, and Windows devices.

A recent security update patched two critical cybersecurity vulnerabilities (CVE-2026-1281 and CVE-2026-1340, both CVSS: 9.8). Both vulnerabilities are code injection vulnerabilities, allowing unauthenticated attackers to execute remote code.

[Affected Platforms]
Ivanti Endpoint Manager Mobile 12.5.0.0 and earlier
Ivanti Endpoint Manager Mobile 12.5.1.0 and earlier
Ivanti Endpoint Manager Mobile 12.6.0.0 and earlier
Ivanti Endpoint Manager Mobile 12.6.1.0 and earlier
Ivanti Endpoint Manager Mobile 12.7.0.0 and earlier

[Recommended Actions]
Patch according to the solution released on the official website: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340?language=en_US