Ref# ADV2026_223 | Date: Apr 10th 2026

---

Ivanti published a security advisory highlighting vulnerabilities in the following product on January 29, 2026. It is recommended that you take the necessary precautions by ensuring your products are always updated.

• Ivanti Endpoint Manager Mobile (EPMM) – version 12.5.0.0 and prior, 12.6.0.0 and prior, 12.7.0.0 and prior, version 12.5.1.0 and prior and 12.6.1.0 and prior

Update 2

On April 8, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-1340 to their Known Exploited Vulnerabilities (KEV) Database.

Ivanti has stated that vulnerabilities CVE-2026-1281 & CVE-2026-1340 have been exploited in the wild.

For more information on these updates, you can follow these URLs:

• Security Advisory Ivanti Endpoint Manager Mobile (EPMM) (CVE-2026-1281 & CVE-2026-1340)
• Analysis Guidance Ivanti Endpoint Manager Mobile (EPMM) CVE-2026-1281 & CVE-2026-1340
• CISA KEV: CVE-2026-1281
• CISA KEV: CVE-2026-1340

The Guyana National CIRT recommends that users and administrators review these updates and apply where necessary.

PDF Download: Ivanti Security Advisory- Update 2

References

• Ivanti Security Advisories (n.d.) Retrieved from Ivanti Innovators Hub.  https://hub.ivanti.com/s/searchallcontent?language=en_US#sortCriteria=date%20descending&f-sfkbknowledgearticletypec=Security%20Advisory

• Ivanti Security Advisory (April 8^th, 2026). Retrieved from Canadian Centre for Cyber Security. Ivanti security advisory (AV26-068) – Update 2 – Canadian Centre for Cyber Security