CVE-2026-1340

CVSS v3.1

9.8

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Ivanti Endpoint Manager Mobile versions 12.7.x and earlier

Description A code injection exists in Ivanti Endpoint Manager Mobile that allows attackers to achieve unauthenticated remote code execution. This means attackers can run arbitrary code without needing to log in. The issue allows for the execution of code on affected systems.

Recommendations Update Ivanti Endpoint Manager Mobile to a version newer than 12.7.x.

Fix

RCE

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2026-1340

Affected Products

Ivanti Endpoint Manager Mobile

CVE-2026-1340

Weakness Enumeration

Related Identifiers

Affected Products

References · 87