CVE-2026-1340

CriticalKnown Exploited

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

ivanti·CWE-94·Published 2026-01-29

CVSS

9.8

EPSS

0.82

KEV

Yes

Exploits

cve.orgen

119 chars

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

NVDen

119 chars

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Una inyección de código en Ivanti Endpoint Manager Mobile que permite a los atacantes lograr ejecución remota de código no autenticada.

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Secondary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H