DEV Community

Mark0
Critical Vulnerabilities in Ivanti EPMM Exploited

⚠️ Region Alert: UAE/Middle East

Ivanti Endpoint Manager Mobile (EPMM) is currently facing active exploitation of two critical zero-day vulnerabilities, CVE-2026-1281 and CVE-2026-1340. These vulnerabilities allow unauthenticated attackers to execute arbitrary code remotely, effectively granting full control over mobile device management (MDM) infrastructure. Threat actors have been observed deploying web shells, establishing reverse shells, and installing persistent backdoors across multiple sectors, including government and healthcare.

The exploitation technique leverages bash arithmetic expansion within legacy scripts used by Apache web server configurations. Attackers can bypass authentication to conduct reconnaissance or download second-stage payloads such as the Nezha monitoring agent. Organizations are strongly advised to apply the version-specific RPM patches provided by Ivanti immediately to mitigate the risk of compromise, as the window between disclosure and mass exploitation has significantly collapsed.
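The summary above does not reproduce the affected scripts, so the following is an added, generic illustration (not Ivanti's code) of why untrusted values must never reach a Bash arithmetic context, shown beside a validated comparison. The function names, marker path and input are hypothetical, and the constructed input only creates an empty marker file.

```shell
#!/usr/bin/env bash
# Added illustration, not Ivanti code. Names, paths and input are constructed.

ARITH_MARKER="/tmp/arith_demo.$$"   # hypothetical marker file
export ARITH_MARKER

# Constructed input: an array subscript holding a command substitution that
# only creates an empty marker file.
PAYLOAD='x[$(touch $ARITH_MARKER)]'

# PATTERN TO AVOID: [[ ... -gt ... ]] evaluates both operands as arithmetic
# expressions, and Bash expands array subscripts inside them, so the embedded
# command runs. A child bash keeps the demo identical under any calling shell.
unsafe_is_positive() {
  bash -c '[[ "$1" -gt 0 ]]' _ "$1" 2>/dev/null
}

# HARDENED: allow only a short run of decimal digits, then compare.
safe_is_positive() {
  case "$1" in
    ''|*[!0-9]*) return 2 ;;        # empty or contains a non-digit: reject
  esac
  [ "${#1}" -le 18 ] || return 2    # stay inside the 64-bit integer range
  [ "$1" -gt 0 ]
}

# side_effect_seen FUNC VALUE: succeeds if calling FUNC on VALUE created the marker.
side_effect_seen() {
  rm -f "$ARITH_MARKER"
  "$1" "$2" || true
  if [ -e "$ARITH_MARKER" ]; then
    rm -f "$ARITH_MARKER"
    return 0
  fi
  return 1
}

if side_effect_seen unsafe_is_positive "$PAYLOAD"; then
  echo "unsafe comparison executed the embedded command"
fi
if ! side_effect_seen safe_is_positive "$PAYLOAD"; then
  echo "validated comparison rejected the value without evaluating it"
fi
```

When auditing scripts reachable from a web server, the same reasoning applies to `$(( ))`, `(( ))`, `let` and array subscripts: any of them fed a request-derived string needs the digit check first.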

