THE U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Ivanti Sentry, identified as CVE-2026-10520, to its Known Exploited Vulnerabilities catalog, urging immediate patching by June 14, 2026. This vulnerability, with a CVSS score of 10.0, allows remote code execution with root privileges due to an OS command injection flaw.
Although Ivanti initially reported no active exploitation, researchers have observed attempts at exploitation shortly after a security patch was released, with many exposed Sentry gateways being compromised. CISA mandates federal agencies to address this vulnerability to enhance network security.