top of page
perceptive_background_267k.jpg

CISA orders feds to patch exploited Ivanti EPMM flaw by Sunday

Published:

8 april 2026 om 18:15:27

Alert date:

8 april 2026 om 19:01:37

Source:

bleepingcomputer.com

Click to open the original link from this advisory

Enterprise Applications, Zero-Day Vulnerabilities, Critical Infrastructure, Mobile & IoT

CISA has issued an emergency directive ordering U.S. government agencies to patch a critical-severity vulnerability in Ivanti Endpoint Manager Mobile (EPMM) within four days. The vulnerability has been actively exploited in attacks since January. Federal agencies must secure their systems by Sunday to protect against ongoing exploitation. This directive highlights the urgent nature of the security flaw and its potential impact on government infrastructure.

Technical details

CVE-2026-1340 is a critical-severity code injection vulnerability in Ivanti Endpoint Manager Mobile (EPMM) that enables threat actors without privileges to gain remote code execution on Internet-exposed and unpatched EPMM appliances. The vulnerability has been exploited in zero-day attacks since January. Successful exploitation leads to unauthenticated remote code execution. Shadowserver is tracking nearly 950 IP addresses with Ivanti EPMM fingerprints still exposed online, with most from Europe (569) and North America (206).

Mitigation steps:

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Federal Civilian Executive Branch (FCEB) agencies must patch their EPMM systems by Saturday midnight, April 11. All defenders should prioritize applying patches for CVE-2026-1340 to secure their organizations' devices as soon as possible.

Affected products:

Ivanti Endpoint Manager Mobile (EPMM)
Ivanti Connect Secure

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-1340
https://www.bleepingcomputer.com/news/security/ivanti-warns-of-two-epmm-flaws-exploited-in-zero-day-attacks/
https://bsky.app/profile/shadowserver.bsky.social/post/3majeq7gru22k
https://www.cisa.gov/news-events/alerts/2026/04/08/cisa-adds-one-known-exploited-vulnerability-catalog
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-1340
https://www.cisa.gov/binding-operational-directive-22-01
https://www.bleepingcomputer.com/news/security/ivanti-fixes-epmm-zero-days-chained-in-code-execution-attacks/
https://www.bleepingcomputer.com/news/security/ivanti-patches-connect-secure-zero-day-exploited-since-mid-march/
https://www.bleepingcomputer.com/news/security/ivanti-warns-of-three-more-csa-zero-days-exploited-in-attacks/
https://www.bleepingcomputer.com/news/security/ivanti-warns-of-new-connect-secure-zero-day-exploited-in-attacks/
https://www.bleepingcomputer.com/news/security/cisa-emergency-directive-mitigate-ivanti-zero-days-immediately/
https://www.bleepingcomputer.com/news/security/ivanti-epmm-flaw-exploited-by-chinese-hackers-to-breach-govt-agencies/
https://www.bleepingcomputer.com/news/security/norway-says-ivanti-zero-day-was-used-to-hack-govt-it-systems/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=ivanti&field_date_added_wrapper=all&field_cve=&sort_by=field_date_added&items_per_page=All&url=

Related CVE's:

Related threat actors:

IOC's:

Nearly 950 IP addresses with Ivanti EPMM fingerprints exposed online

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page