Share
## https://sploitus.com/exploit?id=SAINT:9D427FFC6164ABC60E65FE94AEE01A51
Added: 02/02/2026  
CVE: CVE-2026-1281  


### Background

Ivanti Endpoint Manager Mobile, formerly MobileIron Core, is a security and Unified Endpoint Management (UEM) tool. 

### Problem

A command injection vulnerability in Ivanti EPMM could allow an unauthenticated attacker to execute arbitrary commands by sending a specially crafted GET request. 

### Resolution

Apply RPM 12.x.0.x or 12.x.1.x as instructed in the Ivanti Security Advisory. 

### References

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340   
https://forums.ivanti.com/s/article/Analysis-Guidance-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340?language=en_US   
https://labs.watchtowr.com/someone-knows-bash-far-too-well-and-we-love-it-ivanti-epmm-pre-auth-rces-cve-2026-1281-cve-2026-1340/   


### Platforms

Ivanti