Ivanti Endpoint Manager Mobile (EPMM) is affected by a critical unauthenticated remote code execution vulnerability (CVE-2026-1340, CVSS 9.8) that is actively exploited in the wild and listed on the CISA KEV catalog with a federal remediation due date of 2026-04-11 — effectively today. A companion vulnerability CVE-2026-1281 has been referenced alongside this CVE in Unit 42 reporting, suggesting chained exploitation may be occurring. Organizations running EPMM must apply the Ivanti-issued patch immediately, restrict external access to EPMM administrative and API endpoints at the perimeter if patching is delayed, and review EPMM logs and EDR telemetry for signs of prior compromise.