Ivanti EPMM Zero-Days Chained for Unauthenticated RCE, Already Exploited in the Wild
Two chained Ivanti EPMM vulnerabilities (CVE-2026-1281 and CVE-2026-1340, both CVSS 9.8) allow unauthenticated RCE via Bash command injection. CISA gave federal agencies only 3 days to patch.