CISA 2026-04-08

CISA Adds One Known Exploited Vulnerability to Catalog

CVE-2026-1340

Machine-generated analysis · WAYSCloud LLM

CVE-2026-1340 is a code injection vulnerability in Ivanti Endpoint Manager Mobile (EPMM) that CISA has added to the KEV Catalog due to evidence of active exploitation.

Context

Ivanti Endpoint Manager Mobile (EPMM) is a platform for managing mobile devices in enterprise environments. The advisory states that CVE-2026-1340 is a code injection vulnerability currently being exploited. This addition to the KEV Catalog indicates that exploitation is occurring in the wild. Worth noting is that while BOD 22-01 mandates remediation for federal agencies, CISA encourages all organizations to prioritize mitigation.

Operator considerations

Check: Determine if Ivanti EPMM is deployed in your environment and identify affected versions.

From Cybersecurity and Infrastructure Security Agency ↗

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

CVE-2026-1340 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability

This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA s...

Read the full advisory on CISA →