CISA has added CVE-2026-1340, a code injection vulnerability in Ivanti Endpoint Manager Mobile (EPMM), to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. All organizations, especially federal agencies under BOD 22-01, are strongly urged to prioritize timely remediation to protect their networks against active threats.