Active exploitation of vulnerabilities on Ivanti Endpoint Manager Mobile (EPMM)

The CSSF has been made aware of the current active exploitation of two vulnerabilities (CVE-2026-1281 & CVE-2026-1340) on Ivanti Endpoint Manager Mobile (EPMM), allowing unauthenticated remote code execution. As EPMM is a mobile endpoint management solution, a compromise of the EPMM server can result in a severe impact, including full control over managed devices, lateral movements and access to sensitive data.

CIRCL, the Computer Incident Center Luxembourg, published a report on this subject, including recommendations, available at this URL: https://www.circl.lu/pub/tr-98.

The CSSF strongly recommends all supervised entities concerned to duly take note of this report and to take appropriate actions.

In addition, as the unauthenticated remote code execution consists of an unauthorised malicious access, the CSSF reminds all supervised entities that this constitutes a major ICT-related incident that needs to be notified, according to both Circulars CSSF 25/893 (DORA) or CSSF 24/847, depending on the type of entity.