Ivanti Sentry Critical Flaws Exploited 24 Hours After Disclosure

Twenty-four hours separated disclosure from in-the-wild exploitation — CISA's emergency directive gives federal agencies three days to patch.


Key Takeaways

  • Ivanti disclosed two critical Sentry vulnerabilities — CVE-2026-10520, an unauthenticated OS command injection rated CVSS 10.0, and CVE-2026-10523, an authentication bypass rated CVSS 9.9 — that together can hand a remote attacker full control of the mobile-management gateway.
  • In-the-wild exploitation followed within roughly 24 hours of disclosure: Rapid7 observed exploitation attempts hitting its honeypots, and CISA added the flaw to its Known Exploited Vulnerabilities catalog.
  • CISA issued an emergency directive ordering federal civilian agencies to patch within three days — a compressed deadline that signals how little margin defenders now have between disclosure and attack.

A maximum-severity flaw, a working exploit, and a 24-hour gap between disclosure and attack — the patch window is collapsing.

SOUTH JORDAN, UTAH — Two critical vulnerabilities in Ivanti Sentry went from public disclosure to in-the-wild exploitation in roughly 24 hours, prompting the U.S. Cybersecurity and Infrastructure Security Agency to give federal agencies just three days to patch. The flaws — CVE-2026-10520, an unauthenticated OS command injection carrying a maximum CVSS score of 10.0, and CVE-2026-10523, an authentication bypass rated CVSS 9.9 — affect Ivanti's enterprise mobile-management gateway and, according to Rapid7, were being probed in honeypots almost immediately after the details became public.

The speed of the turnaround is the story. Ivanti's Sentry appliance sits at the network edge, brokering access between mobile devices and corporate resources, which makes it exactly the kind of internet-facing target that automated tooling sweeps for. The episode lands amid a run of edge-device flaws that have followed the same pattern, from a recently disclosed Palo Alto GlobalProtect VPN authentication bypass that was actively exploited to the steady cadence of critical bugs tracked in our monthly CVE watch.

At a Glance

Field            Details
Product          Ivanti Sentry (mobile-management gateway)
CVE-2026-10520   OS command injection — CVSS 10.0
CVE-2026-10523   Authentication bypass — CVSS 9.9
Disclosed        June 10, 2026
Exploitation     Within ~24 hours of disclosure
Observed by      Rapid7 (honeypot activity)
CISA action      Added to KEV; 3-day federal patch deadline (June 14)

CVE-2026-10520 and CVE-2026-10523 in Plain English

Ivanti Sentry is a gateway appliance that brokers access between managed mobile devices and the corporate systems behind them — email, calendars, internal applications. Because it sits between untrusted devices and trusted infrastructure, a flaw in the gateway itself is unusually valuable to an attacker: control the broker, and you sit astride the traffic it governs.

CVE-2026-10520 is the more severe of the two, rated a maximum CVSS 10.0. According to Rapid7, it is an OS command injection weakness that allows a remote, unauthenticated attacker to run operating-system commands on the appliance — the kind of flaw that can translate directly into full control of the device with no valid credentials required. A score of 10.0 is reserved for vulnerabilities that are both trivially reachable and maximally impactful, and this one qualifies on both counts.

CVE-2026-10523, rated CVSS 9.9, is an authentication bypass. Per Rapid7's analysis, it lets an unauthenticated attacker sidestep the login controls that are supposed to gate administrative access to the gateway. The two flaws are described in reporting as a potential chain — a way to bypass authentication and then execute commands — though whether they are being exploited together or independently in observed activity has not been established. What is clear is that either one, on its own, is severe enough to demand emergency action.

24 Hours From Disclosure to Exploitation — What That Means for IR Teams

Ivanti disclosed the two vulnerabilities and shipped patches on June 10, 2026. According to Dark Reading, in-the-wild exploitation began within roughly 24 hours. Rapid7 reported that exploitation attempts were hitting its honeypots — decoy systems that have no legitimate users, so any traffic against them is, by definition, hostile probing rather than normal activity.

That detail matters for incident-response teams because it reframes the timeline they are working against. The traditional mental model — disclosure, then a grace period while patches are tested and rolled out, then eventual exploitation — does not survive a 24-hour turnaround. When a working technique is public and the target is an internet-facing appliance, the window between "we learned about this" and "we are being attacked" can be measured in hours, not weeks.

For defenders, the practical implication is that patch velocity is now a frontline control, not a back-office chore. A gateway like Sentry cannot simply be queued for the next maintenance window when a maximum-severity exploit is already circulating. This is the operational reality that makes disciplined patch management indistinguishable from incident prevention — and it is precisely the reality CISA's directive is built around.

CISA's 3-Day Federal Patching Directive

CISA's response was unusually fast and unusually strict. The agency added CVE-2026-10520 to its Known Exploited Vulnerabilities catalog and, under its newly issued risk-based Binding Operational Directive BOD 26-04, set a three-day remediation deadline for federal civilian agencies — requiring them to patch by June 14, 2026.

The compressed clock is a direct product of the new directive's logic. BOD 26-04, titled "Prioritizing Security Updates Based on Risk," replaces the old flat patching deadlines with a model that shortens timelines for the highest-risk vulnerabilities. A maximum-severity flaw under active exploitation against an internet-facing appliance is close to a worst case under that model, and the three-day window reflects it.

While the directive is binding only on federal agencies, its deadlines have long served as a de facto benchmark for the private sector. A three-day federal clock is, in effect, CISA telling every organization running Sentry that this is not a vulnerability to schedule around. The KEV listing alone is a strong signal: it is reserved for flaws CISA has evidence are being exploited, and inclusion is the agency's clearest statement that the threat is real and present.

Defender Guidance for Non-Federal Deployments

Organizations outside the federal mandate face the same exposure without the legal deadline, and the guidance is straightforward: treat patching as an emergency change. Ivanti has released fixes for both CVE-2026-10520 and CVE-2026-10523, and applying them is the single highest-impact action available. Any internet-facing Sentry instance should be prioritized first.

Because exploitation began so quickly, patching alone may not be sufficient for systems that were exposed during the initial window. Defenders should review gateway logs for anomalous administrative account creation, unexpected command execution, and unfamiliar authentication activity dating back to disclosure. Where feasible, restricting management interfaces from direct internet exposure reduces the attack surface that automated scanning depends on.
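The log review described above, as an added example that is not part of the original article or any Ivanti tooling: it triages constructed, syslog-style gateway lines (the layout is assumed, not Ivanti's real log format) for the three indicators named here, counting only events on or after the June 10, 2026 disclosure date. The known-admin allowlist and the sample lines are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Disclosure date from the advisory timeline; the review window starts here.
DISCLOSURE = datetime(2026, 6, 10, tzinfo=timezone.utc)

# Hypothetical allowlist of administrative accounts the team recognises.
KNOWN_ADMINS = {"svc-mdm-admin", "jdoe"}

# Constructed sample lines in a generic syslog-like layout (not Ivanti's format).
SAMPLE_LOG = """\
2026-06-09T22:14:03Z sentry auth user=jdoe result=success src=10.20.0.5
2026-06-11T03:41:12Z sentry auth user=admin result=success src=203.0.113.40
2026-06-11T03:41:20Z sentry admin action=create_account user=support_tmp src=203.0.113.40
2026-06-11T03:42:01Z sentry exec cmd="id" user=admin src=203.0.113.40
2026-06-12T09:00:00Z sentry auth user=svc-mdm-admin result=success src=10.20.0.7
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) sentry (?P<kind>auth|admin|exec) (?P<rest>.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Parse one log line into a dict of timestamp, event kind and key=value fields."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "kind": m.group("kind"), **fields}


def triage(log_text, since=DISCLOSURE, known_admins=KNOWN_ADMINS):
    """Return (indicator, subject, source_ip) findings for events since `since`:
    account creation, command execution, and successful logins by unfamiliar accounts."""
    findings = []
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None or ev["ts"] < since:
            continue  # unparseable, or predates the disclosure window
        if ev["kind"] == "admin" and ev.get("action") == "create_account":
            findings.append(("account_created", ev["user"], ev["src"]))
        elif ev["kind"] == "exec":
            findings.append(("command_executed", ev.get("cmd"), ev["src"]))
        elif ev["kind"] == "auth" and ev.get("result") == "success" and ev["user"] not in known_admins:
            findings.append(("unfamiliar_auth", ev["user"], ev["src"]))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Any hit from an external source address during the window is a candidate for full forensic review rather than a conclusion on its own.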

It is worth being precise about what remains unknown. The specific threat actors behind the activity, the number of organizations compromised so far, and whether non-federal Sentry deployments are being targeted at scale have not been confirmed and should not be assumed. The honeypot activity Rapid7 reported establishes that exploitation is occurring; it does not, by itself, quantify the breach count.

Open Questions

Several material questions are unresolved. Attribution is open: no specific threat actor or actors have been confirmed, and the honeypot-based observations describe scanning and exploitation attempts rather than identified campaigns. The number of organizations actually compromised is likewise unconfirmed, as is the extent to which deployments outside the federal sphere have been targeted.

It also remains unestablished whether the two flaws are being chained in observed activity or exploited independently, and whether Ivanti has notified specific customer segments beyond its public advisory. As with any fast-moving edge-device exploitation event, those figures may grow as investigation continues. For now, the confirmed facts are enough to act on: a CVSS 10.0 command-injection flaw, a CVSS 9.9 authentication bypass, exploitation within 24 hours of disclosure, and a three-day federal patch clock that leaves no room to wait.

Sources

Type        Source
Primary     Ivanti — Security Advisory: Ivanti Sentry (CVE-2026-10520, CVE-2026-10523)
Analysis    Rapid7 — CVE-2026-10520, CVE-2026-10523: Multiple critical vulnerabilities affecting Ivanti Sentry
Reporting   Dark Reading — Max-Severity Ivanti Sentry Flaw Exploited 24 Hours After Disclosure
Reporting   BleepingComputer — CISA gives feds 3 days to patch Ivanti flaw exploited in attacks
Reporting   The Register — Ivanti urges Sentry users to patch two critical bugs
Reporting   SecurityWeek — Ivanti Sentry Exploitation Attempts Hitting Honeypots
Related     The CyberSignal — CISA BOD 26-04: Risk-Based Three-Day Critical Fixes
Related     The CyberSignal — Palo Alto GlobalProtect VPN Auth Bypass Actively Exploited