CVE-2026-1281

Published Jan 29, 2026

Last updated 2 months ago

Exploit knownCVSS critical 9.8
Ivanti Endpoint Manager Mobile
API
VPN
OT
Mobile device
Port (443)

Overview

Description
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
Source
3c1d8aa1-5a33-4ea4-8992-aadd6440af75
NVD status
Analyzed
Products
endpoint_manager_mobile

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
Exploit added on
Jan 29, 2026
Exploit action due
Feb 1, 2026
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

3c1d8aa1-5a33-4ea4-8992-aadd6440af75
CWE-94

Social media

Hype score
Not currently trending

  1. Top 30 CVEs for ecosystem (30 days). Top CVEs: CVE-2022-20775, CVE-2026-1281, CVE-2025-40551 VulnSocial — your risk exposure provider. #vulnsocial #CVE #CyberSecurity #VulnerabilityManagement https://t.co/S02Q7THYkX

    @vulnsocial

    5 Mar 2026

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 CVE-2026-1281 Critical Code Injection in Ivanti EPMM: What You Should Know 🚨 Discover the key information you need to know about CVE-2025-29927, an authentication bypass vulnerability in the middleware layer in Vercel’s Next.js. Learn more: https://t.co/FBnEhbfv8Y htt

    @pluralsight

    3 Feb 2026

    1136 Impressions

    0 Retweets

    0 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  3. Top 5 Trending CVEs: 1 - CVE-2026-21509 2 - CVE-2026-22812 3 - CVE-2026-0755 4 - CVE-2025-43529 5 - CVE-2026-1281 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    2 Feb 2026

    192 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Top 5 Trending CVEs: 1 - CVE-2025-43529 2 - CVE-2026-1281 3 - CVE-2026-24858 4 - CVE-2024-12084 5 - CVE-2026-24061 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    1 Feb 2026

    187 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Top 5 Trending CVEs: 1 - CVE-2025-33217 2 - CVE-2023-41064 3 - CVE-2026-24423 4 - CVE-2026-1281 5 - CVE-2024-12084 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    31 Jan 2026

    127 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. GCB/FCB Audit Software developed by DrangSoft has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access certain APIs to create a new administrative account.CVE-2026-4312
  2. Improper Protection of Alternate Path exists in the no-access and workdir feature of the AWS API MCP Server versions >= 0.2.14 and < 1.3.9 on all platforms may allow the bypass of intended file access restriction and expose arbitrary local file contents in the MCP client application context. To remediate this issue, users should upgrade to version 1.3.9.CVE-2026-4270
  3. Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to use consistent error responses when handling the /mute command which allows an authenticated team member to enumerate private channels they are not authorized to know about via differing error messages for nonexistent versus private channels. Mattermost Advisory ID: MMSA-2026-00588CVE-2026-21386
  4. OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.10.3, an unauthenticated denial-of-service vulnerability exists in OliveTin’s OAuth2 login flow. Concurrent requests to /oauth/login can trigger unsynchronized access to a shared registeredStates map, causing a Go runtime panic (fatal error: concurrent map writes) and process termination. This allows remote attackers to crash the service when OAuth2 is enabled. This issue has been patched in version 3000.10.3.CVE-2026-28789
  5. Incorrect Authorization vulnerability in hexpm hexpm/hexpm ('Elixir.HexpmWeb.API.OAuthController' module) allows Privilege Escalation. An API key created with read-only permissions (domain: "api", resource: "read") can be escalated to full write access under specific conditions. When exchanging a read-only API key via the OAuth client_credentials grant, the resource qualifier is ignored. The resulting JWT receives the broad "api" scope instead of the expected "api:read" scope. This token is therefore treated as having full API access. If an attacker is able to obtain a victim's read-only API key and a valid 2FA (TOTP) code for the victim account, they can use the incorrectly scoped JWT to create a new full-access API key with unrestricted API permissions that does not expire by default and can perform write operations such as publishing, retiring, or modifying packages. This vulnerability is associated with program files lib/hexpm_web/controllers/api/oauth_controller.ex and program routines 'Elixir.HexpmWeb.API.OAuthController':validate_scopes_against_key/2. This issue affects hexpm: from 71829cb6f6559bcceb1ef4e43a2fb8cdd3af654b before 71c127afebb7ed7cc637eb231b98feb802d62999.CVE-2026-21621

References

Sources include official advisories and independent security research.