Ivanti Endpoint Manager Mobile (EPMM) carries the highest combined urgency of any vendor in this rollup: CVE-2026-1340 is an unauthenticated RCE with a CVSS of 9.8, confirmed CISA KEV status (remediation deadline 2026-04-11), active exploitation dating to at least January 2026, and an EPSS score at the 98.6th percentile. It chains with companion vulnerability CVE-2026-1281, released simultaneously with patches on January 29, 2026. Approximately 950 appliances remain internet-exposed per Shadowserver; organizations must apply the Ivanti patch immediately, restrict EPMM administrative interface access to trusted IP ranges, and conduct forensic triage of any EPMM hosts that were externally accessible prior to patching.