{"id":208091,"date":"2026-01-30T05:45:00","date_gmt":"2026-01-30T10:45:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/01\/30\/u-s-cisa-adds-a-flaw-in-ivanti-epmm-to-its-known-exploited-vulnerabilities-catalog\/"},"modified":"2026-01-30T06:35:13","modified_gmt":"2026-01-30T11:35:13","slug":"u-s-cisa-adds-a-flaw-in-ivanti-epmm-to-its-known-exploited-vulnerabilities-catalog","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/01\/30\/u-s-cisa-adds-a-flaw-in-ivanti-epmm-to-its-known-exploited-vulnerabilities-catalog\/","title":{"rendered":"U.S. CISA adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog"},"content":{"rendered":"

U.S. CISA adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog<\/a><\/p>\n

https:\/\/securityaffairs.com\/187488\/security\/u-s-cisa-adds-a-flaw-in-ivanti-epmm-to-its-known-exploited-vulnerabilities-catalog.html<\/a><\/p>\n

Publish Date: 2026-01-30 05:45:00<\/a><\/p>\n

Source Domain: securityaffairs.com<\/a><\/p>\n

U.S. CISA adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog<\/h2>\n<\/p>\n

\t\t\t\t\t\t\t Pierluigi Paganini<\/span>
\n\t\t\t\t\t\t\t\"\"\/ January 30, 2026<\/span><\/p>\n

\t\t\t\t\t\t\"\"\/<\/p>\n

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog.<\/h2>\n

The U.S. Cybersecurity and Infrastructure Security Agency (CISA)\u00a0added\u00a0an Ivanti EPMM vulnerability, tracked as CVE-2026-1281 (CVSS score of 9.8), to its\u00a0Known Exploited Vulnerabilities (KEV) catalog.<\/p>\n

The vulnerability is a code injection that impacts Ivanti Endpoint Manager Mobile. An unauthenticated attacker can exploit the vulnerability to achieve remote code execution.<\/p>\n

\u201cA\u00a0code injection\u00a0in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.\u201d reads the advisory.<\/p>\n

The company confirmed that it is aware of attacks in the wild exploiting this vulnerability.<\/p>\n

\u201cWe are\u00a0aware of\u00a0a\u00a0very\u00a0limited\u00a0number of customers who have been exploited at the time of disclosure.\u201d continues the advisory.<\/p>\n

Ivanti said the investigation is ongoing and no reliable indicators of compromise are available yet, though technical guidance has been shared. Sentry and Ivanti Neurons for MDM are not vulnerable, and cloud customers are unaffected. Ivanti has released a patch, expanded customer support, and is working with security partners and law enforcement.<\/p>\n

According to\u00a0Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.<\/p>\n

Experts also recommend that private organizations review the\u00a0Catalog\u00a0and address the vulnerabilities in their infrastructure.<\/p>\n

CISA orders federal agencies to fix the vulnerability by\u00a0February 2, 2026.<\/p>\n

US CISA also published an alert related to this…<\/p>\n

Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

U.S. CISA adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog https:\/\/securityaffairs.com\/187488\/security\/u-s-cisa-adds-a-flaw-in-ivanti-epmm-to-its-known-exploited-vulnerabilities-catalog.html…<\/p>\n","protected":false},"author":1,"featured_media":208092,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityaffairs.com\/wp-content\/uploads\/2020\/07\/CISA.jpeg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,31,27],"class_list":["post-208091","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-exploit","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/208091"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=208091"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/208091\/revisions"}],"predecessor-version":[{"id":208093,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/208091\/revisions\/208093"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/208092"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=208091"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=208091"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=208091"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}