CVE-2026-1281 - Vulnerability Details - OpenCVE

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is in the KEV database since yesterday.

No EPSS score available.

Exploitation active

Automatable yes

Technical Impact total

No data.

No data.

No data.

No data.

References

Link	Providers
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-1281

History

Thu, 29 Jan 2026 22:15:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-1281
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 29 Jan 2026 22:00:00 +0000

Type	Values Removed	Values Added
Description		A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
Weaknesses		CWE-94
References		https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}` kev `{'dateAdded': '2026-01-29T00:00:00+00:00', 'dueDate': '2026-02-01T00:00:00+00:00'}`

MITRE

Status: PUBLISHED

Assigner: ivanti

Published: 2026-01-29T21:31:17.041Z

Updated: 2026-01-29T22:00:29.711Z

Reserved: 2026-01-21T03:38:00.740Z

Link: CVE-2026-1281

Vulnrichment

Updated: 2026-01-29T21:59:55.303Z

NVD

Status : Received

Published: 2026-01-29T22:15:53.140

Modified: 2026-01-29T22:15:53.140

Link: CVE-2026-1281

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1281", "assignerOrgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "state": "PUBLISHED", "assignerShortName": "ivanti", "dateReserved": "2026-01-21T03:38:00.740Z", "datePublished": "2026-01-29T21:31:17.041Z", "dateUpdated": "2026-01-29T22:00:29.711Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Endpoint Manager Mobile", "vendor": "Ivanti", "versions": [{"status": "unaffected", "version": "12.x.1.x RPM", "versionType": "custom"}, {"status": "unaffected", "version": "12.x.0.x RPM", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution."}], "value": "A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution."}], "impacts": [{"capecId": "CAPEC-242", "descriptions": [{"lang": "en", "value": "CAPEC-242 Code Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "shortName": "ivanti", "dateUpdated": "2026-01-29T21:31:17.041Z"}, "references": [{"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"references": [{"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-1281", "tags": ["government-resource"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-29T21:59:10.246082Z", "id": "CVE-2026-1281", "options": [{"Exploitation": "active"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-29T22:00:29.711Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1281", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-29T21:59:10.246082Z"}}}], "references": [{"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-1281", "tags": ["government-resource"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-29T21:59:55.303Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-242", "descriptions": [{"lang": "en", "value": "CAPEC-242 Code Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Ivanti", "product": "Endpoint Manager Mobile", "versions": [{"status": "unaffected", "version": "12.x.1.x RPM", "versionType": "custom"}, {"status": "unaffected", "version": "12.x.0.x RPM", "versionType": "custom"}], "defaultStatus": "affected"}], "references": [{"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.", "supportingMedia": [{"type": "text/html", "value": "A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "shortName": "ivanti", "dateUpdated": "2026-01-29T21:31:17.041Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1281", "state": "PUBLISHED", "dateUpdated": "2026-01-29T22:00:29.711Z", "dateReserved": "2026-01-21T03:38:00.740Z", "assignerOrgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "datePublished": "2026-01-29T21:31:17.041Z", "assignerShortName": "ivanti"}, "dataVersion": "5.2"}