The OS command injection vulnerability CVE-2026-10520 in Ivanti Sentry is actively exploited by attackers; CISA orders patching within 72 hours for federal agencies.