Ivanti Endpoint Manager Mobile (EPMM) carries the highest individual priority score in this rollup (0.855) and is confirmed in CISA KEV with an active exploitation deadline of 2026-04-11 for federal agencies — effectively immediate. CVE-2026-1340 is an unauthenticated remote code injection flaw (CVSS 9.8) that is co-exploited in observed attacks with a companion CVE (CVE-2026-1281), meaning a single-CVE patch is insufficient. Organizations should treat this as an emergency: isolate the EPMM management interface from internet exposure, apply the Ivanti advisory patch for both CVEs, and rotate all credentials and certificates managed by the platform.