PT-2026-5358 · Ivanti · Ivanti Endpoint Manager Mobile
Published
2026-01-29
·
Updated
2026-03-26
·
CVE-2026-1340
CVSS v2.0
10
Critical
| AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Ivanti Endpoint Manager Mobile versions prior to 12.7.x
Description
A code injection flaw exists in Ivanti Endpoint Manager Mobile, enabling attackers to execute arbitrary code remotely without authentication. The flaw stems from improper code generation management. Exploitation allows a remote attacker to achieve unauthenticated remote code execution (RCE).
Recommendations
Versions prior to 12.7.x should be updated.
Fix
RCE
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ivanti Endpoint Manager Mobile