CVE-2026-1281 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ivanti	CNA	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 93%

Affected Products (NVD)

Vendor	Product	Version
ivanti	endpoint_manager_mobile	𝑥 ≤ 12.5.0.0
ivanti	endpoint_manager_mobile	12.5.1.0
ivanti	endpoint_manager_mobile	12.6.0.0
ivanti	endpoint_manager_mobile	12.6.1.0
ivanti	endpoint_manager_mobile	12.7.0.0

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-94 - Improper Control of Generation of Code ('Code Injection')
The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Vulnerability Media Exposure

[GERMAN] Updaten! Attackierte Lücke in Ivanti Endpoint Manager Mobile
In Ivantis Endpoint Manager Mobile klaffen zwei kritische Sicherheitslecks. Angriffe laufen, Admins sollten schnell updaten.
Published: 2026-01-30T07:30:00+00:00
[ENGLISH] Two Ivanti EPMM Zero-Day RCE Flaws Actively Exploited, Security Updates Released
Ivanti has rolled out security updates to address two security flaws impacting Ivanti Endpoint Manager Mobile (EPMM) that have been exploited in zero-day attacks, one of which has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog. The critical-severity vulnerabilities are listed below - CVE-2026-1281 (CVSS score:
Published: 2026-01-30T10:13:00+05:30
[GERMAN] Ivanti Endpoint Manager Mobile: Mehrere Schwachstellen ermöglichen Codeausführung
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Ivanti Endpoint Manager Mobile ausnutzen, um beliebigen Programmcode auszuführen.
Published: 2026-01-29T23:00:00+00:00
[ENGLISH] January blues return as Ivanti coughs up exploited EPMM zero-days
Consider yourselves compromised, experts warn Ivanti has patched two critical zero-day vulnerabilities in its Endpoint Manager Mobile (EPMM) product that are already being exploited, continuing a grim run of January security incidents for enterprise IT vendors.…
Published: 2026-01-30T22:01:28+00:00
[ENGLISH] ⚡ Weekly Recap: Proxy Botnet, Office Zero-Day, MongoDB Ransoms, AI Hijacks & New Threats
Every week brings new discoveries, attacks, and defenses that shape the state of cybersecurity. Some threats are stopped quickly, while others go unseen until they cause real damage. Sometimes a single update, exploit, or mistake changes how we think about risk and protection. Every incident shows how defenders adapt — and how fast attackers try to stay ahead. This week’s recap brings you the
Published: 2026-02-02T17:29:00+05:30

References

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-1281