Bottom line: The OS command injection vulnerability CVE-2026-10520 in Ivanti Sentry is actively exploited by attackers; CISA orders patching within 72 hours for federal agencies.
Under its new directive BOD 26-04, the US agency CISA is requiring federal agencies to close a critical vulnerability in Ivanti Sentry within three days. Attackers are already actively exploiting the flaw to install backdoors on internet-accessible gateways.
The vulnerability CVE-2026-10520 affects the Ivanti Sentry security gateway (formerly MobileIron Sentry) and is classified as OS command injection. It allows remote attackers to inject and execute unauthorized operating system commands. CISA rates the risk as maximum severity and has immediately added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.
Ivanti released a security patch on Wednesday and initially stated there were no signs of practical exploitation. Shortly thereafter, IT security service Shadowserver reported that attackers had already installed backdoors on numerous internet-accessible administration portals. After a functional proof-of-concept exploit was published online, experts observed a high number of attack attempts. Shadowserver warned clearly: “If you haven’t patched by now, you are almost certainly compromised.” The actual number of vulnerable systems is likely higher than scans indicate, since many organizations block the IP addresses of security scanners.
The new BOD 26-04 directive replaces older CISA security requirements and sets a response deadline of 72 hours. It applies when the following conditions are met: the system is directly accessible over the internet, the vulnerability is listed in the KEV catalog, an attack can be automated at scale, and successful exploitation enables complete control of the target system. CVE-2026-10520 is the first official case to which BOD 26-04 is applied.
In recent years, CISA has registered 35 vulnerabilities in various Ivanti products that have been abused in cyberattacks. Twelve of these cases were exploited by ransomware groups.
Source: www.it-daily.net · Published 15 June 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.