{"id":203582,"date":"2026-04-09T11:22:00","date_gmt":"2026-04-09T15:22:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/04\/09\/cisa-adds-second-critical-flaw-in-ivanti-epmm-to-exploited-vulnerabilities-catalog\/"},"modified":"2026-04-09T11:35:11","modified_gmt":"2026-04-09T15:35:11","slug":"cisa-adds-second-critical-flaw-in-ivanti-epmm-to-exploited-vulnerabilities-catalog","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/04\/09\/cisa-adds-second-critical-flaw-in-ivanti-epmm-to-exploited-vulnerabilities-catalog\/","title":{"rendered":"CISA adds second critical flaw in Ivanti EPMM to exploited vulnerabilities catalog"},"content":{"rendered":"

CISA adds second critical flaw in Ivanti EPMM to exploited vulnerabilities catalog<\/a><\/p>\n

https:\/\/www.cybersecuritydive.com\/news\/cisa-second-critical-flaw-ivanti-epmm-exploited\/817080\/<\/a><\/p>\n

Publish Date: 2026-04-09 11:22:00<\/a><\/p>\n

Source Domain: www.cybersecuritydive.com<\/a><\/p>\n

Author: <\/a><\/p>\n

Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n

The Cybersecurity and Infrastructure Security Agency on Wednesday added a critical flaw in Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities catalog.\u00a0
\nThe vulnerability, tracked as CVE-2026-1340, stems from a code injection in Ivanti EPMM that allows an attacker to achieve remote code execution without authentication.\u00a0
\nCISA set a deadline of April 11 for federal civilian executive branch agencies to mitigate their environments.\u00a0\u00a0
\nIvanti first disclosed the issue in late January along with CVE-2026-1281, which is a similar code injection vulnerability and was immediately added to the KEV catalog. Both flaws have a severity score of 9.8. The company said it began seeing exploitation shortly after a proof of concept was released.\u00a0
\nIvanti released a security advisory for the vulnerabilities at the time, and said it was aware of a \u201cvery limited number\u201d of customers whose products were impacted.\u00a0<\/p>\n

\u201cAt the time of disclosure, Ivanti provided an RPM package to protect customer environments, which requires no downtime and takes only seconds to apply,\u201d an Ivanti spokesperson told Cybersecurity Dive.\u00a0
\nIvanti also provided indicators of compromise, technical analysis and a detection script developed alongside the National Cyber Security Centre in the Netherlands.\u00a0
\nThe European Commission and Dutch authorities said they were investigating incidents related to the vulnerabilities back in February.\u00a0
\nIvanti released version 12.8 for EPMM back on March 18, which resolves the vulnerabilities and provides additional security hardening features, according to a spokesperson. The company recommends all users apply the upgrade.\u00a0
\nMultiple security researchers contacted by Cybersecurity Dive said they have not seen any recent change in threat activity that would explain why the vulnerability was finally added to the KEV catalog.\u00a0
\n\u201cIt’s been repeatedly exploited literally thousands of times since it was disclosed,\u201d Simo Kohonen, founder and CEO at Defused, told Cybersecurity Dive.
\nCISA did not provide any specifics about the timing behind the change in status, but provided a link to general guidance for why a vulnerability is added to the KEV catalog.\u00a0<\/p>\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

CISA adds second critical flaw in Ivanti EPMM to exploited vulnerabilities catalog https:\/\/www.cybersecuritydive.com\/news\/cisa-second-critical-flaw-ivanti-epmm-exploited\/817080\/ Publish Date:…<\/p>\n","protected":false},"author":1,"featured_media":203583,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/imgproxy.divecdn.com\/Gda6SteYr72pBLde-TTS5k8CaI5U27LeC168fkURkoc\/g:ce\/rs:fit:770:435\/Z3M6Ly9kaXZlc2l0ZS1zdG9yYWdlL2RpdmVpbWFnZS9HZXR0eUltYWdlcy0yMTk2MTU2NjQxLmpwZw==.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,27],"class_list":["post-203582","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/203582"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=203582"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/203582\/revisions"}],"predecessor-version":[{"id":203584,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/203582\/revisions\/203584"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/203583"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=203582"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=203582"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=203582"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}