CISA gives agencies 3 days to patch maximum severity Ivanti vulnerability
June 12, 2026
By Laura French

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) set a three-day deadline for federal agencies to remediate a maximum severity vulnerability in Ivanti Sentry after adding the flaw to its Known Exploited Vulnerabilities (KEV) catalog on Thursday.

The Ivanti Sentry vulnerability, tracked as CVE-2026-10520, is an operating system (OS) command injection flaw that allows a remote, unauthenticated attacker to achieve remote code execution (RCE) as root on publicly exposed instances in certain configurations, according to an Ivanti advisory published Tuesday.

Ivanti explained that Sentry instances managed by EPMM are protected from this vulnerability by mutual TLS (mTLS), while instances managed by Neurons for MDM should not have the management interface exposed to the internet. The advisory also states, “it’s not possible for an unmanaged Sentry to be used in production as the management is what pushes the configuration for device connectivity and authentication.”

The KEV entry for CVE-2026-10520 stated that the flaw can be successfully exploited when the Sentry instance is unmanaged and its endpoints are externally reachable. Ivanti denied that any customer instances have been impacted by exploitation in the wild, saying the vulnerability was added to the KEV catalog due to exploitation attempts against honeypots. “Management interfaces should never be exposed to the internet, though honeypots often have misconfigurations to identify malicious behavior,” the Ivanti advisory stated.

watchTowr Labs published a proof-of-concept for exploitation of CVE-2026-10520 on Wednesday, demonstrating how user-supplied input to an exposed endpoint could achieve pre-authentication command execution.
The watchTowr researchers noted that the patch both prevents the risky execution of user-supplied input and blocks all unauthenticated requests. On Wednesday, The Shadowserver Foundation reported observing 19 publicly exposed vulnerable Sentry instances in its scans, two of which were backdoored.

The addition of CVE-2026-10520 to the KEV catalog and the three-day deadline follow the recent issuance of CISA’s binding operational directive (BOD) 26-04, which sets out new requirements for federal civilian executive branch (FCEB) agencies to remediate security vulnerabilities based on four main factors: asset exposure, KEV status, exploit automation potential and technical impact. The remediation timelines set out by BOD 26-04 shorten deadlines to three days when certain combinations of criteria are met, for example when the flaw is both in the KEV catalog and enables total control of affected systems while also involving publicly exposed assets.

“Cyber threat actors exploit unpatched vulnerabilities, and their use of AI may further narrow the time defenders have to react between patch release and possible exploitation. As a result, we must take immediate action to harden American networks and ensure our cybersecurity practices, including our policies for applying patches, address modern and increasingly sophisticated cyber threats,” the directive states.

CISA’s Authorized Data Publisher indicates that exploitation of CVE-2026-10520 is automatable and could enable total control of affected systems.