CISA Adds Ivanti Sentry OS Command Injection Vulnerability to KEV Catalog
CISA has added CVE-2026-10520, an Ivanti Sentry OS command injection vulnerability, to its Known Exploited Vulnerabilities catalog due to active exploitation.
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. The vulnerability, CVE-2026-10520, is an OS command injection flaw in Ivanti Sentry that allows attackers to gain total control of publicly exposed assets post-exploitation. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.
Ivanti Sentry is a secure gateway that provides remote access to enterprise resources. The command injection vulnerability enables an unauthenticated attacker to execute arbitrary commands on the affected system, potentially leading to full compromise. Given the critical nature of the flaw and confirmed active exploitation, CISA has mandated remediation for federal agencies.
Under Binding Operational Directive (BOD) 26-04, which updates BOD 22-01, Federal Civilian Executive Branch (FCEB) agencies must prioritize remediation of this vulnerability. BOD 26-04 establishes vulnerability management requirements that focus on risk-based prioritization, requiring agencies to rapidly patch high-risk KEV-listed vulnerabilities while deferring lower-risk issues. The directive also sets expectations for post-patch compromise checks.
While BOD 26-04 applies only to FCEB agencies, CISA strongly encourages all organizations to adopt risk-based vulnerability management and prioritize remediation of KEV catalog entries. The agency continues to add vulnerabilities to the catalog that meet specified criteria, including evidence of exploitation and clear mitigation guidance.
Organizations using Ivanti Sentry should immediately apply the available patches or mitigations provided by Ivanti. CISA also recommends reviewing the advisory for detailed remediation steps. The addition of CVE-2026-10520 to the KEV catalog underscores the ongoing threat from command injection vulnerabilities and the importance of timely patching.
This action is part of CISA's broader effort to drive proactive cybersecurity practices across the public and private sectors. By highlighting actively exploited vulnerabilities, the KEV catalog serves as a critical resource for prioritizing security efforts against the most imminent threats.