The US Cybersecurity and Infrastructure Security Agency (CISA) has identified a vulnerability in Ivanti Sentry, tracked as CVE-2026-10520, as being actively exploited. This security flaw, which carries the highest possible CVSS score of 10, is an OS command injection issue that can be exploited remotely to execute arbitrary code with root privileges. Although Ivanti has confirmed that exploitation attempts were observed only on honeypots, the vulnerability remains a significant concern. Ivanti released patches on June 10 for versions 10.5.2, 10.6.2, and 10.7.1 to address this issue.

CISA has added this vulnerability to its Known Exploited Vulnerabilities catalog and has directed federal agencies to prioritize patching it within three days according to the BOD 26-04 guidance. CISA notes that successful exploitation requires the Sentry appliance to be in an unmanaged state with endpoints externally accessible. The use of mutual TLS with EPMM or restricted HTTPS access through Neurons for MDM can mitigate this risk by making interfaces inaccessible to external actors.

Ivanti emphasizes that the vulnerability’s risk is significantly reduced by proper deployment and configuration. Specifically, management interfaces should not be exposed to the internet, a common misconfiguration in honeypots. Ivanti advises restricting internet access to the vulnerable API for Neurons for MDM-managed Sentry appliances to further safeguard against potential threats.