A code injection vulnerability exists in Ivanti Endpoint Manager Mobile (EPMM) that could allow unauthenticated remote code execution. Organizations using EPMM should apply mitigations per vendor instructions, follow BOD 22-01 guidance for cloud services, or discontinue use of the product.
Vendor: Ivanti Product: Endpoint Manager Mobile (EPMM) Description: Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution. Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due Date: 2026-02-01