PT-2026-5357 · Ivanti · Ivanti Endpoint Manager Mobile

Published 2026-01-29 · Updated 2026-05-08 · CVE-2026-1281

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Ivanti Endpoint Manager Mobile (affected versions not specified)

Description

An unauthenticated remote code execution issue exists in Ivanti Endpoint Manager Mobile (EPMM) due to improper control of code generation. This occurs through a server-side template rendering pathway in the management interface, where improper input handling allows attacker-controlled expressions to be evaluated. A remote attacker can send crafted requests to the template rendering function to execute arbitrary OS-level commands in the context of the EPMM service. This could lead to full server compromise, takeover of the MDM infrastructure, exposure of stored credentials and secrets, and lateral movement into internal networks.

Recommendations

Apply Ivanti security updates for EPMM as published in the official advisory channel. Restrict access to management ports, typically '443' and '8443', to VPN, jump hosts, and allowlisted IPs only. Disable non-essential template rendering features or endpoints as a temporary containment measure.

Fix

RCE

Code Injection

Weakness Enumeration

Related Identifiers

BDU:2026-01061
BDU:2026-01123
CVE-2026-1281

Affected Products

Ivanti Endpoint Manager Mobile