

Ethical Hacking News

The U.S. CISA Adds Ivanti Sentry Flaw to Its Known Exploited Vulnerabilities Catalog: A Critical Security Advisory


U.S. CISA has added an Ivanti Sentry flaw to its Known Exploited Vulnerabilities catalog and urges patching by June 14, treating it as high priority because of the severity of the OS command injection vulnerability.

  • The United States Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw in Ivanti Sentry, a secure gateway appliance, to its Known Exploited Vulnerabilities catalog; the flaw has a CVSS score of 10.0.
  • The vulnerability allows remote code execution with root privileges, posing a significant threat to the security of organizations that use this product.
  • The flaw is rarely exploited but still dangerous, because it can give attackers direct access to enterprise networks and facilitate data theft.
  • CISA orders federal agencies to fix the vulnerability by June 14, 2026, emphasizing its critical nature.



    The United States Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw in Ivanti Sentry, a secure gateway appliance used by organizations to manage and protect mobile access to corporate resources, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, tracked as CVE-2026-10520, has a CVSS score of 10.0, indicating a high level of severity. Its addition to the KEV catalog emphasizes the importance of patching this issue by June 14, 2026.

    Ivanti Sentry is designed to protect communications between corporate systems and mobile devices, making it a crucial component in enterprise networks. However, the maximum-severity OS command injection flaw in Ivanti Sentry allows remote code execution with root privileges, posing a significant threat to the security of organizations that use this product.

    Researchers at Shadowserver have observed a large number of Ivanti Sentry CVE-2026-10520 exploitation attempts following the public disclosure of the vulnerability. The foundation has detected 19 vulnerable instances and confirmed that at least two were compromised due to the lack of patching. Although Ivanti initially reported no evidence of active attacks, these findings highlight the urgent need for organizations to address this vulnerability.

    The impact of this flaw is significant because it enables attackers to gain direct access to enterprise networks and facilitates data theft. Since Ivanti Sentry acts as a gateway between mobile devices and internal corporate systems, compromising it would put attackers "inside" the network, effectively bypassing traditional security measures.

    Experts emphasize that organizations should review their infrastructure and address the vulnerabilities in the catalog by the due date. CISA orders federal agencies to fix the vulnerability by June 14, 2026, underscoring the critical nature of this issue.

    In light of these developments, it is essential for organizations to prioritize patching this vulnerability and assessing their current security posture. This will help prevent potential data breaches and protect against malicious actors who can exploit this critical flaw in Ivanti Sentry.





  • Published: Fri Jun 12 14:31:11 2026 by llama3.2 3B Q4_K_M












