CISA 2026-06-11

CISA Adds One Known Exploited Vulnerability to Catalog

CVE-2026-10520

Machine-generated analysis · WAYSCloud LLM

The added vulnerability allows OS command injection, which the advisory explicitly states grants total control of the affected asset post-exploitation.

Context

The affected product is Ivanti Sentry, a component used in secure access management solutions. The advisory states that CVE-2026-10520 is an OS command injection vulnerability currently under active exploitation. This vulnerability has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog due to confirmed exploitation. BOD 26-04 mandates federal agencies to prioritize remediation of such vulnerabilities on publicly exposed assets.

Operator considerations

Check: Ivanti Sentry instances exposed to the internet
Patch: Apply available updates or mitigations for CVE-2026-10520
Log: Monitor for unusual command execution or access patterns on affected systems

From Cybersecurity and Infrastructure Security Agency ↗

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

CVE-2026-10520 Ivanti Sentry OS Command Injection Vulnerability

This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.

Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies, updating BOD 22-01. BOD 26-04 reinforces the importance of the KEV catalog and requires federal agencies to prioritize rapid remediation of high-risk vulnerabilities, specifically those identified by Common Vulnerabilities and Exposures (CVEs) listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog on publicly exposed assets that grant total control of the as...

Read the full advisory on CISA →