
The vulnerabilities expose mobile device inventories, user credentials, and location data, posing severe privacy and operational risks for enterprises and government bodies that rely on Ivanti’s MDM solution.
Mobile device management (MDM) platforms have become essential for securing a distributed workforce, yet they also present a high‑value attack surface. Ivanti’s EPMM suite, widely deployed across enterprises and federal agencies, now faces two severe code‑injection flaws that allow unauthenticated code execution. Such vulnerabilities are especially dangerous because they grant attackers direct access to device inventories, user identities, and even GPS coordinates, effectively turning a management console into a reconnaissance hub. The rapid exploitation of these flaws underscores the accelerating pace at which threat actors target MDM solutions.
From a technical standpoint, the vulnerabilities reside in the In‑House Application Distribution and Android File Transfer Configuration modules, whose exposed endpoints return a 404 response when probed maliciously. Ivanti’s response includes RPM scripts that patch affected versions without service interruption, though the hotfixes must be reapplied after any major upgrade. Organizations should apply these mitigations immediately and plan for the permanent remediation slated for EPMM 12.8.0.0. Additionally, security teams can use the provided regular‑expression filter to flag suspicious log entries, enabling early detection of exploitation attempts before full compromise.
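An added example, not Ivanti's filter and not code from this article: a log check in the spirit of the detection guidance above, flagging requests to the two affected modules that were answered with a 404. The path prefixes are placeholders (the article does not give the endpoint URLs), and the Apache-style access-log layout and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# PLACEHOLDER prefixes: the article names the two modules but not their URLs.
# Substitute the paths published in the vendor advisory before use.
MODULE_PREFIXES = {
    "In-House Application Distribution": "/PLACEHOLDER-inhouse-app-distribution/",
    "Android File Transfer Configuration": "/PLACEHOLDER-android-file-transfer/",
}

# Assumed layout: client, ident, user, [timestamp], "request line", status, size.
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def flag_suspicious(lines, prefixes=MODULE_PREFIXES):
    """Return (hits, per_client) for 404 responses on the module prefixes."""
    hits, per_client = [], Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] != "404":
            continue  # unparseable line, or not the status described above
        for module, prefix in prefixes.items():
            if m["path"].startswith(prefix):
                hits.append({"client": m["client"], "ts": m["ts"],
                             "module": module, "path": m["path"]})
                per_client[m["client"]] += 1
                break
    return hits, per_client

# Constructed sample lines; the client addresses are documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2026:10:01:02 +0000] "GET /PLACEHOLDER-inhouse-app-distribution/x HTTP/1.1" 404 196',
    '192.0.2.10 - - [01/Jan/2026:10:01:05 +0000] "GET /PLACEHOLDER-android-file-transfer/y HTTP/1.1" 404 196',
    '198.51.100.7 - - [01/Jan/2026:10:02:00 +0000] "GET /PLACEHOLDER-inhouse-app-distribution/app HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2026:10:02:09 +0000] "GET /index.html HTTP/1.1" 404 196',
    'truncated or malformed line',
]

if __name__ == "__main__":
    hits, per_client = flag_suspicious(SAMPLE_LOG)
    for h in hits:
        print(f'{h["ts"]} {h["client"]} {h["module"]}: {h["path"]}')
    for client, count in per_client.most_common():
        print(f"{client}: {count} flagged request(s)")
```

A client that accumulates flagged requests across both modules is a reasonable starting point for triage against the appliance's other logs.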
Regulatory pressure amplifies the urgency: CISA’s inclusion of CVE‑2026‑1281 in the KEV catalog obligates federal entities to remediate by early February 2026, and the Binding Operational Directive reinforces compliance expectations. Enterprises should treat this incident as a reminder to adopt layered defenses—network segmentation, strict API controls, and continuous log monitoring—to limit lateral movement. Proactive backup strategies and rapid restoration procedures are also critical, as Ivanti advises rebuilding compromised appliances rather than attempting in‑place cleaning. Looking ahead, the episode highlights the need for faster vulnerability disclosure cycles and robust patch management to safeguard the expanding ecosystem of mobile endpoints.