CVE-2026-1340

Published Jan 29, 2026

Last updated a month ago

CVSS critical 9.8
Ivanti Endpoint Manager Mobile
VPN
Mobile device

Overview

Description
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
Source
3c1d8aa1-5a33-4ea4-8992-aadd6440af75
NVD status
Analyzed
Products
endpoint_manager_mobile

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

3c1d8aa1-5a33-4ea4-8992-aadd6440af75
CWE-94

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to use consistent error responses when handling the /mute command which allows an authenticated team member to enumerate private channels they are not authorized to know about via differing error messages for nonexistent versus private channels. Mattermost Advisory ID: MMSA-2026-00588CVE-2026-21386
  2. Qualcomm Multiple Chipsets Memory Corruption VulnerabilityCVE-2026-21385
  3. Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.CVE-2026-2786
  4. ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted MSL script triggers a heap-use-after-free. The operation element handler replaces and frees the image while the parser continues reading from it, leading to a UAF in ReadBlobString during further parsing. Versions 7.1.2-15 and 6.9.13-40 contain a patch.CVE-2026-25983
  5. Apple Multiple Buffer Overflow VulnerabilityCVE-2026-20700

References

Sources include official advisories and independent security research.