CCN-CERT AV 01/26 Zero-Day Vulnerabilities in Ivanti Endpoint Manager Mobile
Summary
The CCN-CERT published a critical alert on January 30, 2026 warning of two zero-day vulnerabilities (CVE-2026-1281 and CVE-2026-1340) affecting multiple versions of Ivanti Endpoint Manager Mobile (EPMM), a widely deployed enterprise mobility management platform. The vulnerabilities allow unauthenticated remote code execution. Affected versions include 12.5.0.0 and earlier, 12.6.0.0 and earlier, and 12.7.0.0 and earlier. Ivanti has released version-specific RPM patch scripts, with a full version 12.8.0.0 update expected by the end of Q1 2026.
“El CCN-CERT recomienda a todas las organizaciones aplicar las medidas de mitigación propuestas por el fabricante.”
Organizations running Ivanti EPMM should verify their current version and apply the corresponding RPM patch immediately — no authentication is required to exploit these flaws, making unpatched instances critically exposed. Once version 12.8.0.0 is available, the RPM patch will no longer be required.
About this source
GovPing monitors Spain CCN-CERT alt for new data privacy & cybersecurity regulatory changes. Every update since tracking began is archived, classified, and available as free RSS or email alerts — 3 changes logged to date.
What changed
The CCN-CERT disclosed two critical zero-day vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) affecting all 12.x versions through 12.7.0.0. CVE-2026-1281 impacts versions 12.5.0.0 and earlier, 12.6.0.0 and earlier, and 12.7.0.0 and earlier. CVE-2026-1340 affects versions 12.5.1.0 and earlier and 12.6.1.0 and earlier. Both allow unauthenticated remote code execution. Organizations running affected versions of Ivanti EPMM should immediately apply the manufacturer-provided RPM patch scripts (RPM 12.x.0.x or RPM 12.x.1.x depending on version) and plan to upgrade to version 12.8.0.0 when released in Q1 2026.
Archived snapshot
Apr 23, 2026GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.
CCN-CERT AV 01/26 Vulnerabilidades zero-day en el Endpoint Manager Mobile de Ivanti
Fecha de publicación: 30/01/2026
Nivel de peligrosidad: CRÍTICO
- El CCN-CERT recomienda a todas las organizaciones aplicar las medidas de mitigación propuestas por el fabricante.
- Ambas vulnerabilidades han sido recogidas en el boletín automático del portal del CCN-CERT, disponible mediante suscripción a través de su web. El CCN-CERT, del Centro Criptológico Nacional, avisa de la publicación por parte de Ivanti de medidas de mitigación temporales para dos vulnerabilidades críticas en Ivanti Endpoint Manager Mobile (EPMM), identificadas como CVE-2026-1281 y CVE-2026-1340, cuya explotación podría permitir la ejecución remota de código sin necesidad de autenticación.
Estas vulnerabilidades afectan a distintas versiones 12.x del producto y han sido recogidas en el servicio automático de vulnerabilidades del CCN-CERT.
Vulnerabilidades y recursos afectados
| CVE | Nombre del producto | Versión afectada | Actualización |
| CVE-2026-1281 | Ivanti Endpoint Manager Mobile | 12.5.0 .0 y anteriores
12.6.0.0 y anteriores
12.7.0.0 y anteriores | RPM 12.x.0.x
https://support.mobileiron.com/mi/vsp/AB1771634/ivanti-security-update-1761642-1.0.0S-5.noarch.rpm |
| CVE-2026-1340 | Ivanti Endpoint Manager Mobile | 12.5.1.0 y anteriores
12.6.1.0 y anteriores | RPM 12.x.1.x
https://support.mobileiron.com/mi/vsp/AB1771634/ivanti-security-update-1761642-1.0.0L-5.noarch.rpm |
Recomendaciones
El CCN-CERT recomienda a todas las organizaciones aplicar las medidas de mitigación del fabricante:
- Aplicar el script RPM 12.x.0.x o RPM 12.x.1.x, dependiendo de su versión (no es necesario aplicar ambos RPM, ya que son específicos de cada versión, no de cada vulnerabilidad.
Actualizar a la versión 12.8.0.0 cuando se lance a finales del primer trimestre de 2026 (una vez que haya actualizado a la versión 12.8.0.0, no será necesario volver a aplicar el script RPM)
Más información:Boletín vulnerabilidades CCN-CERT: https://www.ccn-cert.cni.es/es/seguridad-al-dia/vulnerabilidades/view/48925.html
Boletín vulnerabilidades CCN-CERT: https://www.ccn-cert.cni.es/es/seguridad-al-dia/vulnerabilidades/view/48924.html
CVE-2026-1281: https://nvd.nist.gov/vuln/detail/CVE-2026-1281
CVE-2026-1340: https://nvd.nist.gov/vuln/detail/CVE-2026-1340
Parties
Related changes
Get daily alerts for Spain CCN-CERT alt
Daily digest delivered to your inbox.
Free. Unsubscribe anytime.
Source
About this page
Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission
Source document text, dates, docket IDs, and authority are extracted directly from CCN-CERT.
The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.
Classification
Who this affects
Taxonomy
Browse Categories
Get alerts for this source
We'll email you when Spain CCN-CERT alt publishes new changes.
Subscribed!
Optional. Filters your digest to exactly the updates that matter to you.