Ivanti EPMM Zero-Days Actively Exploited: Pre-Auth RCE via Bash Arithmetic Expansion
Two actively exploited pre-auth RCE vulnerabilities (CVE-2026-1281 and CVE-2026-1340) in Ivanti Endpoint Manager Mobile allow attackers to execute arbitrary commands via Bash arithmetic expansion. CISA has added these to the KEV catalog.