{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T14:14:09.189","vulnerabilities":[{"cve":{"id":"CVE-2026-1281","sourceIdentifier":"3c1d8aa1-5a33-4ea4-8992-aadd6440af75","published":"2026-01-29T22:15:53.140","lastModified":"2026-01-30T13:28:18.610","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution."},{"lang":"es","value":"Una inyección de código en Ivanti Endpoint Manager Mobile que permite a los atacantes lograr ejecución remota de código no autenticada."}],"metrics":{"cvssMetricV31":[{"source":"3c1d8aa1-5a33-4ea4-8992-aadd6440af75","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"cisaExploitAdd":"2026-01-29","cisaActionDue":"2026-02-01","cisaRequiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","cisaVulnerabilityName":"Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability","weaknesses":[{"source":"3c1d8aa1-5a33-4ea4-8992-aadd6440af75","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*","versionEndIncluding":"12.5.0.0","matchCriteriaId":"1E4CDBD6-451C-4F5F-B40A-05AEF284FB9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:endpoint_manager_mobile:12.5.1.0:*:*:*:*:*:*:*","matchCriteriaId":"66F18E48-8F45-480C-AD0D-D6A615FD6157"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:endpoint_manager_mobile:12.6.0.0:*:*:*:*:*:*:*","matchCriteriaId":"13B3B9E5-6206-41C3-BC9E-A5AAEBA88A96"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:endpoint_manager_mobile:12.6.1.0:*:*:*:*:*:*:*","matchCriteriaId":"1E44BEF4-A032-4D05-83AA-AFD52C56EA8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:endpoint_manager_mobile:12.7.0.0:*:*:*:*:*:*:*","matchCriteriaId":"79879C08-959D-49BD-947C-914F82B564E4"}]}]}],"references":[{"url":"https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340","source":"3c1d8aa1-5a33-4ea4-8992-aadd6440af75","tags":["Patch","Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-1281","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}}]}