Ivanti security advisory (AV26-068) – Update 1

Serial number: AV26-068
Date: January 29, 2026
Updated: January 30, 2026

On January 29, 2026, Ivanti published a security advisory to address critical vulnerabilities in the following product:

• Ivanti Endpoint Manager Mobile (EPMM) – version 12.5.0.0 and prior, 12.6.0.0 and prior, 12.7.0.0 and prior, version 12.5.1.0 and prior and 12.6.1.0 and prior

Update 1

On January 29, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-1281 to their Known Exploited Vulnerabilities (KEV) Database.

Ivanti has stated that vulnerabilities CVE-2026-1281 & CVE-2026-1340 have been exploited in the wild.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Security Advisory Ivanti Endpoint Manager Mobile (EPMM) (CVE-2026-1281 & CVE-2026-1340)
• Analysis Guidance Ivanti Endpoint Manager Mobile (EPMM) CVE-2026-1281 & CVE-2026-1340
• Ivanti Security Advisories
• CISA KEV: CVE-2026-1281