High Threat Security Alert (A26-05-10): Multiple Vulnerabilities in Ivanti Endpoint Manager Mobile

Description:

Ivanti has released security advisories to address the vulnerabilities in Ivanti Endpoint Manager Mobile. Detailed information about the vulnerabilities can be found at:
https://forums.ivanti.com/s/article/kA1UL0000007pFV0AY
https://forums.ivanti.com/s/article/kA1UL0000008lY10AI

Reports indicated that remote code execution vulnerabilities (CVE-2026-1281, CVE-2026-1340 and CVE-2026-6973) are being exploited in the wild. System administrators are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.

Affected Systems:

• Ivanti Endpoint Manager Mobile versions prior to 12.5.0.0
• Ivanti Endpoint Manager Mobile versions prior to 12.6.0.0
• Ivanti Endpoint Manager Mobile versions prior to 12.7.0.0
• Ivanti Endpoint Manager Mobile versions prior to 12.8.0.0

For detailed information of the affected systems, please refer to the corresponding security advisories at vendor's website.

Impact:

Successful exploitation of the vulnerabilities could lead to remote code execution, elevation of privilege, information disclosure or spoofing on an affected system.

Recommendation:

Patches for affected systems are available. System administrators of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.

More Information:

• https://forums.ivanti.com/s/article/kA1UL0000007pFV0AY
• https://forums.ivanti.com/s/article/kA1UL0000008lY10AI
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1281
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1340
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5786 (to CVE-2026-5788)
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6973
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7821