Overview
Ivanti has released updates for two critical vulnerabilities affecting the Ivanti Endpoint Manager Mobile (EPMM). Both vulnerabilities are due to a code injection that if successfully exploited could lead to unauthenticated remote code execution.
- CVE-2026-1340: Ivanti Endpoint Manager Mobile (EPMM) Code Injection (CVSSv3 9.8). Affected versions: <= 12.5.1.0, <= 12.6.1.0
- CVE-2026-1281: Ivanti Endpoint Manager Mobile (EPMM) Code Injection (CVSSv3 9.8). Affected versions: <= 12.5.0.0, <= 12.6.0.0, <= 12.7.0.0
Moby, the technology underlying the Docker platform, has released patches for a high-severity vulnerability. Under specific circumstances, attackers can bypass authorisation plugins (AuthZ). Exploitation of this vulnerability can lead to the execution of malicious code enabling an attacker to potentially extract credentials, take control of cloud accounts and interact with production servers.
- CVE-2026-34040: Docker AuthZ Plugin Bypass (CVSSv3 8.8). Affected versions: < 29.3.1
Adobe has released updates for a critical vulnerability in the Adobe Acrobat and Reader. This vulnerability could lead to arbitrary code execution.
- CVE-2026-34621: Acrobat Reader Improperly Controlled Modification of Object Prototype Attributes (CVSSv3 9.6).
Affected versions:
-
- Acrobat DC: <= 26.001.21367
-
- Acrobat Reader DC: <= 26.001.21367
-
- Acrobat 2024: <= 24.011.30356
Recommended Action
Organisations and individuals are encouraged to review the appropriate security advisory pages and apply the updates:
Ivanti - Security Advisory Ivanti Endpoint Manager Mobile (EPMM)
Moby - AuthZ plugin bypass with oversized request body · Advisory
Adobe - Adobe Security Bulletin
If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.