(TLP:CLEAR) Weekly Vulnerabilities to Prioritize – April 9, 2026
Created: Thursday, April 9, 2026 - 15:40
Categories: Cybersecurity, Security Preparedness
The vulnerabilities below have been identified by WaterISAC analysts as important for water and wastewater utilities to prioritize in their vulnerability management efforts. WaterISAC shares critical vulnerabilities that affect widely used products and may be under active exploitation. WaterISAC draws additional awareness in alerts and advisories when vulnerabilities are confirmed to be impacting, or have a high likelihood of impacting, water and wastewater utilities. Members are encouraged to regularly review these vulnerabilities, many of which are often included in CISA’s Known Exploited Vulnerabilities (KEV) Catalog.
Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
CVSS 3.1: 9.8
CVEs: CVE-2026-1340
Description: A code injection vulnerability in Ivanti Endpoint Manager Mobile allows attackers to achieve unauthenticated remote code execution. CISA has added these vulnerabilities to its KEV catalog.
Original Source: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340
Fortinet FortiClient EMS Improper Access Control Vulnerability
CVSS 3.1: 9.1
CVE: CVE-2026-35616
Description: An improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests. CISA added this vulnerability to its KEV catalog.
Source: https://fortiguard.fortinet.com/psirt/FG-IR-26-099
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ
CVSS: N/A
CVE: CVE-2026-34197
Description: Improper Input Validation, Improper Control of Generation of Code (‘Code Injection’) vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console.
Source: https://activemq.apache.org/security-advisories.data/CVE-2026-34197-announcement.txt
