CISA orders feds to patch actively exploited Ivanti flaw by Sunday
#Vulnerabilities

Security Reporter

A maximum-severity command injection bug in Ivanti Sentry is already being backdoored across internet-facing gateways, and CISA is using its brand-new three-day patching directive to force federal agencies into action. Security teams running Sentry should treat any unpatched, exposed instance as already compromised.

The U.S. Cybersecurity and Infrastructure Security Agency has given federal agencies until Sunday to patch a critical Ivanti Sentry vulnerability that attackers are actively exploiting in the wild. The order, issued Thursday, is the first real-world test of CISA's newly minted Binding Operational Directive 26-04, which compresses the patching window for the most dangerous flaws down to three days.

The bug, tracked as CVE-2026-10520, carries a maximum severity rating and sits in Ivanti's security gateway appliance, the product formerly known as MobileIron Sentry. It stems from an OS command injection weakness, the kind of flaw that lets an attacker run arbitrary commands on the underlying system. When that system is an internet-facing gateway controlling mobile device access to corporate resources, the consequences are about as bad as they get.

What actually happened

The timeline here matters, because it shows how quickly defenders lost the race. Ivanti released patches for CVE-2026-10520 and stated it had no evidence of exploitation in the wild. One day later, the Shadowserver Foundation reported that attackers had already backdoored a large number of Sentry gateways exposed online.

Internet-exposed Ivanti Sentry admin portals

Shadowserver currently tracks just over 50 Sentry admin portals reachable from the internet, but the organization is candid that this figure understates the real exposure. Many instances appear to be blocking its scanner, so the true count is almost certainly higher. The group's assessment for anyone still running an unpatched gateway is blunt.

"We are observing a large amount of Ivanti Sentry CVE-2026-10520 exploitation attempts based on the public PoC today," Shadowserver said. "While our detection is on the lowish side due to multiple Ivanti Sentry instances not reachable in our scans (blocklisted?), if you have not patched now you are most likely compromised."

That last line is the practical takeaway. With a public proof-of-concept circulating and mass exploitation underway, the question for affected organizations is no longer whether to patch but whether they need to assume a breach has already occurred. Ivanti, for its part, has not updated its advisory to acknowledge active exploitation, and an Ivanti spokesperson did not respond to BleepingComputer's requests for detail on the ongoing attacks.

Why the three-day deadline is new

CISA confirmed on Thursday that CVE-2026-10520 is being actively exploited and added it to the Known Exploited Vulnerabilities (KEV) catalog. That listing is what triggers mandatory action for Federal Civilian Executive Branch agencies, and under the fresh directive those agencies have just three days to remediate.

BOD 26-04, issued Wednesday, supersedes and revokes the older BOD 19-02 and BOD 22-01. Rather than applying a single blanket deadline to everything in the KEV catalog, it prioritizes patching based on risk factors that stack the odds in an attacker's favor: whether the asset is publicly exposed, whether the flaw is in the KEV catalog, whether exploitation can be automated for large-scale campaigns, and whether successful exploitation hands attackers partial or total control of the target. CVE-2026-10520 checks every box, which is precisely why it became the directive's first proving ground.

"This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise," CISA warned, adding that stakeholders are responsible for evaluating each asset's internet exposure and following BOD 26-04 patching guidelines. The agency also pointed organizations toward an uncomfortable fallback: if mitigations are unavailable, discontinue use of the product.

The broader pattern with edge devices

This is not an isolated incident, and that is the part worth sitting with. Over the past several years CISA has flagged 35 vulnerabilities across Ivanti's product line as exploited in attacks, with 12 of them targeted by ransomware gangs. Edge appliances, VPNs, gateways, and management consoles have become a favored entry point precisely because they sit at the network perimeter, speak directly to the internet, and often run code that is harder to inspect and slower to patch than ordinary endpoints.

The Sentry order also lands amid a string of similar emergency deadlines. In recent weeks CISA has compressed patching timelines to three days for a Check Point VPN zero-day, a high-severity Oracle WebLogic Server flaw under active exploitation, and an actively exploited cPanel plugin bug. The shortening of these windows reflects a hard reality that defenders have watched play out repeatedly: the gap between patch release and mass exploitation is now frequently measured in hours, not weeks.

Practical advice for affected teams

If you run Ivanti Sentry, the immediate steps are straightforward even if the cleanup may not be. Apply Ivanti's patch now rather than scheduling it for the next maintenance window, because the public PoC means automated scanning is already finding exposed instances. Anyone whose gateway was internet-facing and unpatched during this window should move to incident response mode and hunt for signs of compromise rather than assuming the patch alone closes the door. Command injection backdoors persist after patching, so applying the fix does not evict an attacker who already has a foothold.

Look for unexpected processes, new or modified accounts, unfamiliar outbound connections, and any tampering with the appliance's configuration or logs. Where you can, take exposed admin portals off the public internet entirely and restrict access to trusted management networks or a VPN. The 50-plus internet-facing admin portals Shadowserver can see represent the avoidable category of risk, and an admin interface should rarely if ever be reachable from the open internet in the first place.
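The hunt described above can be made repeatable by diffing a known-good snapshot of the appliance against its current state. The script below is an added example, not code from the article, from Ivanti or from Shadowserver: it parses constructed ps-, passwd- and ss-style dumps (all sample data, paths and addresses are hypothetical), hashes config files, and reports the four classes of drift the article lists: unexpected processes, new or modified local accounts, unfamiliar outbound connections, and changed or missing configuration files. The ephemeral-port heuristic is an assumption made here so that inbound clients with changing source ports do not generate noise between snapshots.

```python
"""Baseline-vs-current drift check for a gateway appliance (added example).

Not from the article or from Ivanti. All dumps below are constructed and the
paths, hostnames and addresses are hypothetical.
"""
import hashlib
from dataclasses import dataclass

EPHEMERAL_PORT_FLOOR = 32768  # assumption: local ports >= this mean we initiated the connection


@dataclass(frozen=True)
class Snapshot:
    processes: frozenset   # full command lines
    accounts: dict         # username -> rest of the passwd record
    outbound: frozenset    # (peer_ip, peer_port) for connections the appliance opened
    config_hashes: dict    # path -> sha256 hex of file contents


def parse_processes(text):
    """Constructed 'ps -eo args'-style dump: header row, then one command per line."""
    rows = [line.strip() for line in text.strip().splitlines() if line.strip()]
    return frozenset(rows[1:])


def parse_passwd(text):
    """passwd(5)-style records; everything after the name is compared verbatim."""
    accounts = {}
    for line in text.strip().splitlines():
        if line and not line.startswith("#"):
            name, _, rest = line.partition(":")
            accounts[name] = rest
    return accounts


def parse_connections(text):
    """Constructed 'ss -tn'-style dump; only connections with an ephemeral local port count."""
    peers = set()
    for line in text.strip().splitlines()[1:]:          # skip header row
        parts = line.split()
        if len(parts) < 5 or parts[0] != "ESTAB":
            continue
        _, _, local_port = parts[3].rpartition(":")
        peer_ip, _, peer_port = parts[4].rpartition(":")
        if int(local_port) >= EPHEMERAL_PORT_FLOOR:
            peers.add((peer_ip, int(peer_port)))
    return frozenset(peers)


def hash_configs(files):
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def build_snapshot(ps_text, passwd_text, ss_text, config_files):
    return Snapshot(parse_processes(ps_text), parse_passwd(passwd_text),
                    parse_connections(ss_text), hash_configs(config_files))


def diff_snapshots(baseline, current):
    """Return (category, detail) findings; an empty list means no drift from baseline."""
    findings = []
    for cmd in sorted(current.processes - baseline.processes):
        findings.append(("process", f"not in baseline: {cmd}"))
    for user, record in current.accounts.items():
        if user not in baseline.accounts:
            findings.append(("account", f"new local account: {user}"))
        elif record != baseline.accounts[user]:
            findings.append(("account", f"modified account record: {user}"))
    for ip, port in sorted(current.outbound - baseline.outbound):
        findings.append(("outbound", f"unfamiliar destination: {ip}:{port}"))
    for path, digest in current.config_hashes.items():
        if path not in baseline.config_hashes:
            findings.append(("config", f"new file: {path}"))
        elif digest != baseline.config_hashes[path]:
            findings.append(("config", f"content changed: {path}"))
    for path in sorted(baseline.config_hashes.keys() - current.config_hashes.keys()):
        findings.append(("config", f"file missing: {path}"))
    return findings


# --- constructed sample dumps: known-good baseline vs. a drifted current state ---
BASE_PS = "COMMAND\n/usr/sbin/sshd -D\n/opt/gateway/bin/gatewayd --config /etc/gateway/gateway.conf\n/usr/sbin/rsyslogd -n\n"
CUR_PS = BASE_PS + "/var/tmp/agent -d\n"                       # process absent from baseline
BASE_PASSWD = ("root:x:0:0:root:/root:/bin/bash\n"
               "gateway:x:1000:1000::/opt/gateway:/usr/sbin/nologin\n"
               "admin:x:1001:1001::/home/admin:/bin/bash\n")
CUR_PASSWD = (BASE_PASSWD.replace("/opt/gateway:/usr/sbin/nologin", "/opt/gateway:/bin/bash")  # shell changed
              + "support:x:0:1002::/home/support:/bin/bash\n")                                  # new uid-0 account
SS_HEADER = "State  Recv-Q Send-Q Local Address:Port  Peer Address:Port\n"
BASE_SS = SS_HEADER + ("ESTAB  0  0  10.0.0.5:443    10.0.0.20:51234\n"     # inbound client, ignored
                       "ESTAB  0  0  10.0.0.5:42000  10.0.0.9:389\n")       # outbound LDAP, expected
CUR_SS = SS_HEADER + ("ESTAB  0  0  10.0.0.5:443    10.0.0.20:51301\n"
                      "ESTAB  0  0  10.0.0.5:42118  10.0.0.9:389\n"
                      "ESTAB  0  0  10.0.0.5:53188  203.0.113.77:443\n")    # unfamiliar destination
BASE_CFG = {"/etc/gateway/gateway.conf": b"listen=443\nauth=ldap\n",
            "/etc/gateway/acl.conf": b"allow 10.0.0.0/8\n"}
CUR_CFG = {"/etc/gateway/gateway.conf": b"listen=443\nauth=local\n"}  # changed; acl.conf gone


def run_demo():
    baseline = build_snapshot(BASE_PS, BASE_PASSWD, BASE_SS, BASE_CFG)
    current = build_snapshot(CUR_PS, CUR_PASSWD, CUR_SS, CUR_CFG)
    return diff_snapshots(baseline, current)


if __name__ == "__main__":
    for category, detail in run_demo():
        print(f"[{category}] {detail}")
```

The baseline has to come from a snapshot taken before the exposure window, or from a freshly deployed appliance of the same version; a snapshot taken after the fact only tells you what the attacker left, not what changed. Run against the constructed data, the script reports six findings: the extra process, one new and one modified account, the unfamiliar destination, the changed config and the missing ACL file.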

Non-federal organizations are not bound by BOD 26-04, but the directive's logic applies just as well outside government. An internet-exposed asset with a KEV-listed, automatable flaw that grants system control is the textbook definition of an emergency. Federal agencies have until Sunday because CISA can compel them. Everyone else should hold themselves to the same clock, because the attackers already are.
