Overview
Ivanti has released an advisory for two critical code injection vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM), a unified platform for managing mobile, macOS, and Windows devices. Both flaws can be exploited remotely and without authentication, potentially enabling unauthorised remote code execution on vulnerable EPMM appliances with only network access and no user interaction. Ivanti has stated it is aware of limited in-the-wild exploitation and has provided mitigation updates for affected EPMM versions.
- CVE-2026-1281 – Code Injection / Unauthenticated Remote Code Execution (CVSSv3 9.8)
- CVE-2026-1340 – Code Injection / Unauthenticated Remote Code Execution (CVSSv3 9.8)
The following EPMM versions are known to be affected: <= 12.5.0.0, <= 12.5.1.0, <= 12.6.0.0, <= 12.6.1.0, <= 12.7.0.0.
Fortinet has issued guidance for a critical authentication bypass vulnerability affecting multiple Fortinet products. The flaw may allow an attacker with a FortiCloud account and a registered device to authenticate to other devices registered to different FortiCloud accounts where FortiCloud SSO administrative login is enabled. The issue has been associated with active exploitation, and CISA has published additional guidance urging organisations to assess exposure and apply vendor updates as they become available.
- CVE-2026-24858 – Authentication Bypass Using an Alternate Path or Channel (FortiCloud SSO) (CVSSv3 9.4)
Affected versions:
- FortiAnalyzer: 7.6.0–7.6.5, 7.4.0–7.4.9, 7.2.0–7.2.11, 7.0.0–7.0.15.
- FortiManager: 7.6.0–7.6.5, 7.4.0–7.4.9, 7.2.0–7.2.11, 7.0.0–7.0.15.
- FortiOS: 7.6.0–7.6.5, 7.4.0–7.4.10, 7.2.0–7.2.12, 7.0.0–7.0.18.
- FortiProxy: 7.6.0–7.6.4, 7.4.0–7.4.12, 7.2.0–7.2.15, 7.0.0–7.0.22.
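The following is an added exposure-check helper, not code from Ivanti, Fortinet or this advisory. It encodes the affected versions listed above for both the EPMM advisory (the "<=" upper bounds) and the Fortinet advisory (the inclusive ranges per product), compares dot-separated numeric version strings component by component, and for Fortinet devices also records the advisory's precondition that FortiCloud SSO administrative login is enabled. The inventory entries, hostnames and the `forticloud_sso_admin` flag are constructed for illustration.

```python
"""Exposure check against the version ranges quoted in this advisory.

Added example: the version tables below are transcribed from the advisory
text; the inventory at the bottom is constructed sample data.
"""
from typing import Dict, List, Tuple

Version = Tuple[int, ...]

# Fortinet CVE-2026-24858: inclusive (low, high) ranges per product.
FORTINET_AFFECTED: Dict[str, List[Tuple[str, str]]] = {
    "FortiAnalyzer": [("7.6.0", "7.6.5"), ("7.4.0", "7.4.9"), ("7.2.0", "7.2.11"), ("7.0.0", "7.0.15")],
    "FortiManager":  [("7.6.0", "7.6.5"), ("7.4.0", "7.4.9"), ("7.2.0", "7.2.11"), ("7.0.0", "7.0.15")],
    "FortiOS":       [("7.6.0", "7.6.5"), ("7.4.0", "7.4.10"), ("7.2.0", "7.2.12"), ("7.0.0", "7.0.18")],
    "FortiProxy":    [("7.6.0", "7.6.4"), ("7.4.0", "7.4.12"), ("7.2.0", "7.2.15"), ("7.0.0", "7.0.22")],
}

# Ivanti EPMM CVE-2026-1281 / CVE-2026-1340: advisory lists "<=" upper bounds.
EPMM_AFFECTED_MAX: List[str] = ["12.5.0.0", "12.5.1.0", "12.6.0.0", "12.6.1.0", "12.7.0.0"]


def parse_version(s: str) -> Version:
    """'7.4.10' -> (7, 4, 10); purely numeric dot-separated versions assumed."""
    return tuple(int(part) for part in s.strip().split("."))


def _pad(v: Version, width: int) -> Version:
    """Right-pad with zeros so (12, 6) compares equal to (12, 6, 0, 0)."""
    return v + (0,) * (width - len(v))


def version_in_range(version: str, low: str, high: str) -> bool:
    """Inclusive range test with component-wise numeric comparison."""
    v, lo, hi = parse_version(version), parse_version(low), parse_version(high)
    width = max(len(v), len(lo), len(hi))
    return _pad(lo, width) <= _pad(v, width) <= _pad(hi, width)


def epmm_version_affected(version: str) -> bool:
    """True when the EPMM build is at or below any listed upper bound."""
    v = parse_version(version)
    for bound in EPMM_AFFECTED_MAX:
        b = parse_version(bound)
        width = max(len(v), len(b))
        if _pad(v, width) <= _pad(b, width):
            return True
    return False


def fortinet_version_affected(product: str, version: str) -> bool:
    """True when the product/version falls inside one of the advisory's ranges."""
    ranges = FORTINET_AFFECTED.get(product, [])
    return any(version_in_range(version, lo, hi) for lo, hi in ranges)


def fortinet_exposed(product: str, version: str, forticloud_sso_admin: bool) -> bool:
    """Affected version AND the advisory's precondition (FortiCloud SSO admin login enabled)."""
    return fortinet_version_affected(product, version) and forticloud_sso_admin


def triage(inventory: List[Dict]) -> List[str]:
    """Return hostnames that need patching or mitigation, in inventory order.

    Each entry: {"host", "product", "version", "forticloud_sso_admin" (Fortinet only)}.
    """
    hits = []
    for item in inventory:
        if item["product"] == "EPMM":
            if epmm_version_affected(item["version"]):
                hits.append(item["host"])
        elif fortinet_exposed(item["product"], item["version"], item.get("forticloud_sso_admin", False)):
            hits.append(item["host"])
    return hits


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = [
    {"host": "epmm-01", "product": "EPMM", "version": "12.6.1.0"},
    {"host": "epmm-02", "product": "EPMM", "version": "12.7.0.1"},
    {"host": "fgt-edge", "product": "FortiOS", "version": "7.4.10", "forticloud_sso_admin": True},
    {"host": "fgt-lab", "product": "FortiOS", "version": "7.4.10", "forticloud_sso_admin": False},
    {"host": "fmg-01", "product": "FortiManager", "version": "7.2.12", "forticloud_sso_admin": True},
]

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print("needs attention:", host)
```

Devices with an affected version but FortiCloud SSO administrative login disabled are not reported by `triage`, matching the advisory's condition; they should still be scheduled for the vendor update, since the flag can be enabled later. Version strings with non-numeric suffixes (build tags, hotfix letters) are outside what `parse_version` handles and should be normalised first.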
The WordPress plugin ‘Simple User Registration’ has a recent high-severity vulnerability that could allow authenticated, low-privilege users (e.g. Subscriber) to gain elevated access. Insufficient restrictions during profile updates may allow a logged-in user to modify role capabilities and escalate privileges.
- CVE-2026-0844 – Authenticated (Subscriber+) Privilege Escalation (CVSSv3 8.8). Affected versions: <= 6.7
Recommended Action
Organisations are encouraged to review the appropriate security advisory pages and apply the updates:
Ivanti – Security Advisory Ivanti Endpoint Manager Mobile (EPMM)
Fortinet – PSIRT | FortiGuard Labs
WordPress – WordPress Vulnerability Database
If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.