{"id":45235,"date":"2026-04-09T01:04:25","date_gmt":"2026-04-08T17:04:25","guid":{"rendered":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/2026\/04\/09\/cisa-orders-feds-to-patch-exploited-ivanti-epmm-flaw-by-sunday\/"},"modified":"2026-04-09T01:04:25","modified_gmt":"2026-04-08T17:04:25","slug":"cisa-orders-feds-to-patch-exploited-ivanti-epmm-flaw-by-sunday","status":"publish","type":"post","link":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/2026\/04\/09\/cisa-orders-feds-to-patch-exploited-ivanti-epmm-flaw-by-sunday\/","title":{"rendered":"CISA orders feds to patch exploited Ivanti EPMM flaw by Sunday"},"content":{"rendered":"\n

\"CISA<\/p>\n

CISA has given U.S. government agencies four days to secure their systems against a critical-severity vulnerability in Ivanti Endpoint Manager Mobile (EPMM) that has been exploited in attacks since January.<\/p>\n

Tracked as CVE-2026-1340<\/a>, this critical-severity code injection flaw enables threat actors without privileges to gain remote code execution on Internet-exposed and unpatched EPMM appliances.<\/p>\n

Ivanti flagged<\/a> this and a second security bug (CVE-2026-1281) as abused in zero-day attacks when it released security updates on January 29 to patch both vulnerabilities and “strongly” encouraged all customers to update their systems to block ongoing exploitation.<\/p>\n

\"CISA<\/a> <\/div>\n

“Successful exploitation could lead to unauthenticated remote code execution. We are aware of a very limited number of customers whose solution has been exploited at the time of disclosure,” the company said at the time.<\/p>\n

Internet security watchdog group Shadowserver is currently tracking nearly 950 IP addresses with Ivanti EPMM fingerprints<\/a> still exposed online, most of them from Europe (569) and North America (206). However, there is no information on how many of them have already been patched.<\/p>\n

\n
\"CISA
Ivanti EPMM appliances exposed online (Shadowserver)<\/em><\/figcaption><\/figure>\n<\/div>\n

​​On Monday, the U.S. Cybersecurity and Infrastructure Security Agency added<\/a> the vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog<\/a> and ordered Federal Civilian Executive Branch (FCEB) agencies to patch their EPMM systems by Saturday midnight, April 11, as mandated by Binding Operational Directive (BOD) 22-01<\/a>.<\/p>\n

“This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise,” CISA warned. “Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.”<\/p>\n

CISA advised all defenders, including those in the private sector, to prioritize applying patches for CVE-2026-1340 to secure their organizations’ devices as soon as possible, even though BOD 22-01 applies only to U.S. federal agencies.<\/p>\n

Multiple other Ivanti vulnerabilities have been exploited in recent years<\/a> via zero-day attacks<\/a> to breach<\/a> a wide range<\/a> of targets<\/a>, including government<\/a> agencies<\/a> worldwide.<\/p>\n

In total, CISA has tagged 33 Ivanti vulnerabilities<\/a> as exploited in attacks, 12 of which have been used by various ransomware operations.<\/p>\n

Ivanti provides IT asset management products to over 40,000 customers through a network of more than 7,000 partners around the globe.<\/p>\n