CVE-2026-1340

This repository contains functional exploit code for CVE-2026-1281/1340, targeting Ivanti EPMM. It includes multiple payloads for remote command execution, reverse shells, webshells, persistence mechanisms, and data exfiltration, demonstrating a clear understanding of the vulnerability.

This Metasploit module exploits an OS command injection vulnerability in Ivanti Endpoint Manager Mobile (EPMM) to achieve unauthenticated remote code execution with root privileges. It uses a crafted HTTP request to inject commands via the 'h' parameter in the URI.

This repository contains a functional exploit PoC for CVE-2026-1340, demonstrating a pre-auth RCE vulnerability in Ivanti EPMM via Bash arithmetic expansion behavior. The exploit leverages command substitution in array indices to achieve remote code execution.