PROBABLYPWNED
Vulnerabilities | June 13, 2026 | 4 min read

Ivanti Sentry CVE-2026-10520: CISA's First 3-Day Patch Mandate

CISA orders federal agencies to patch CVSS 10.0 Ivanti Sentry flaw within 3 days—the first application of BOD 26-04. Exploitation is automated and widespread.

Marcus Chen

CISA has ordered federal agencies to patch CVE-2026-10520, a maximum-severity command injection flaw in Ivanti Sentry, within three calendar days—the first real-world application of Binding Operational Directive 26-04. Attackers began weaponizing the vulnerability within 40 hours of a public proof-of-concept release, and security researchers report that unpatched instances are "most likely compromised."

TL;DR

  • What happened: CVSS 10.0 OS command injection in Ivanti Sentry enables unauthenticated root RCE
  • Who's affected: All Ivanti Sentry deployments prior to versions R10.5.2, R10.6.2, and R10.7.1
  • Severity: Critical (CVSS 10.0)—maximum rating
  • Action required: Patch by June 14, 2026 (federal mandate) or assume compromise

What Makes This Vulnerability So Dangerous?

The flaw resides in Sentry's /mics/api/v2/sentry/mics-config/handleMessage endpoint, which accepts unauthenticated POST requests and passes user-supplied input, via Java reflection, into OS command execution. No credentials are required and no user interaction is needed; a single request yields command execution as root.

Ivanti Sentry (formerly MobileIron Sentry) functions as a security gateway managing traffic between corporate backend systems and remote mobile devices. Compromising it gives attackers a pivot point into the enterprise network from an internet-facing position.
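The first thing a defender wants after reading the above is to know whether that endpoint has been hit. The following Python script is an added example, not code from the article or from Ivanti: it scans web access-log lines for requests to the handleMessage path named above and canonicalizes encoded, dotted, trailing-slash and mixed-case variants so trivial evasions still match. The log format (NCSA combined, as Tomcat's AccessLogValve emits) and the sample lines are constructed assumptions for the demo; the real log location and format must be confirmed on the appliance.

```python
import posixpath
import re
from datetime import datetime
from urllib.parse import unquote, urlsplit

# Endpoint named in the article.
TARGET_PATH = "/mics/api/v2/sentry/mics-config/handleMessage"

# Assumption: NCSA combined access-log format. Check the appliance for the
# actual format and location of Sentry's web access log.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample lines, not real traffic. 203.0.113.10 and 192.0.2.55
# probe the endpoint (the second one with encoding and path tricks);
# 198.51.100.7 is ordinary traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [11/Jun/2026:02:14:07 +0000] "POST /mics/api/v2/sentry/mics-config/handleMessage HTTP/1.1" 200 512 "-" "python-requests/2.32.3"
198.51.100.7 - - [11/Jun/2026:02:14:09 +0000] "GET / HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.10 - - [11/Jun/2026:02:14:11 +0000] "POST /mics/api/v2/sentry/mics-config/handleMessage HTTP/1.1" 500 0 "-" "python-requests/2.32.3"
192.0.2.55 - - [11/Jun/2026:02:20:31 +0000] "POST /mics/./api/v2/sentry/mics%2Dconfig/handleMessage/?x=1 HTTP/1.1" 200 512 "-" "curl/8.5.0"
192.0.2.55 - - [11/Jun/2026:02:20:40 +0000] "GET /MICS/api/v2/sentry/mics-config/handleMessage HTTP/1.1" 405 0 "-" "curl/8.5.0"
"""


def normalize_path(target):
    """Decode and canonicalize a request target so encoded, dotted,
    trailing-slash or mixed-case variants compare equal to TARGET_PATH."""
    path = urlsplit(target).path
    path = unquote(unquote(path))  # second pass undoes double encoding (%252F)
    return posixpath.normpath(path).lower()


def parse_line(line):
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_endpoint_hits(lines, target=TARGET_PATH):
    """Every request whose normalized path is the vulnerable endpoint, any
    method, so probes (GET, 405) show up alongside the POSTs that matter."""
    want = posixpath.normpath(target).lower()
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or normalize_path(rec["target"]) != want:
            continue
        hits.append({
            "ip": rec["ip"],
            "time": datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z"),
            "method": rec["method"],
            "status": int(rec["status"]),
            "ua": rec["ua"],
        })
    return hits


def summarize(hits):
    """Per-source totals: requests, POSTs answered 2xx (heuristic for a
    request that reached the handler), and first time seen."""
    by_ip = {}
    for h in hits:
        s = by_ip.setdefault(h["ip"], {"requests": 0, "post_2xx": 0, "first_seen": h["time"]})
        s["requests"] += 1
        if h["method"] == "POST" and 200 <= h["status"] < 300:
            s["post_2xx"] += 1
        s["first_seen"] = min(s["first_seen"], h["time"])
    return by_ip


if __name__ == "__main__":
    hits = find_endpoint_hits(SAMPLE_LOG.splitlines())
    for ip, s in summarize(hits).items():
        print(f"{ip}: {s['requests']} requests, {s['post_2xx']} POSTs with 2xx, "
              f"first seen {s['first_seen'].isoformat()}")
```

Two caveats when running this against real logs: a 500 response does not mean the injected command failed, so treat every POST to the path as a hit, not only the 2xx ones; and Python's path normalization is not guaranteed to match the servlet container's, so over-matching is the intended behaviour here. A source with any hit at all should be carried into the compromise assessment described later in this article.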

Why CISA Shortened the Deadline

Traditional remediation windows span two to three weeks. CISA compressed this to 72 hours because four risk factors converged at maximum severity:

  1. The vulnerable asset is internet-facing
  2. Exploitation is confirmed in the wild (KEV-listed)
  3. The exploit is fully automatable at scale
  4. Successful attacks grant complete system control

CISA's advisory noted that "AI-accelerated weaponization" made traditional patch cadences "operationally obsolete." The median remediation time for critical vulnerabilities reached 43 days in 2025—far exceeding what this threat environment permits.

Active Exploitation Is "Non-Stop"

Security firm Shadowserver confirmed that attackers had backdoored exposed Sentry gateways within 24 hours of the PoC release. Its scan data showed at least 19 vulnerable instances, "at least 2 backdoored" among those it monitored directly.

"If you have not patched now you are most likely compromised," Shadowserver warned. The exploitation activity was characterized as "pretty much non-stop active" with fully automated, scripted attacks requiring no prior system fingerprinting.

This pattern mirrors what we saw with the Langflow RCE vulnerability last week—rapid weaponization of critical flaws in enterprise infrastructure.

Companion Vulnerability Adds to the Risk

Ivanti patched CVE-2026-10520 alongside CVE-2026-10523 (CVSS 9.9), an authentication bypass that allows unauthenticated attackers to create arbitrary administrative accounts. The two vulnerabilities together give attackers multiple paths to full system control.

Affected Versions and Patches

Fixed versions released on June 9, 2026:

  • Sentry R10.5.2
  • Sentry R10.6.2
  • Sentry R10.7.1

All prior versions across all release trains are vulnerable. Check Ivanti's security advisory for specific version details.

Recommended Actions

  1. Patch immediately: apply the June 9 fixed releases before the June 14 federal deadline
  2. Assume compromise if unpatched: if the system has been exposed and unpatched, treat it as breached and start incident response rather than patching over the intrusion
  3. Check for backdoors: review authentication logs and the administrator list for accounts you did not create (CVE-2026-10523 lets an unauthenticated attacker add them), and review web access logs for requests to the handleMessage endpoint
  4. Isolate pending verification: if patching isn't immediately possible, take Sentry off the internet-facing path until it is patched and checked
  5. Monitor outbound traffic: watch for unusual connections originating from gateway systems, which should only be talking to known backends and managed devices
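To run steps 1 to 3 across a fleet rather than one box at a time, here is an added Python example (not Ivanti tooling and not from the article) that classifies each host's Sentry version against the fixed releases listed under Affected Versions and Patches, and flags administrative accounts created after a cutoff, since CVE-2026-10523 lets an attacker create them. The inventory, the account export format, the hostnames and versions, and the cutoff date are constructed assumptions; treating trains newer than R10.7 as "unknown" is also an assumption, because the article lists no fix for them.

```python
import re
from datetime import datetime, timezone

# Fixed releases named in the article, keyed by release train (major, minor).
FIXED = {
    (10, 5): (10, 5, 2),
    (10, 6): (10, 6, 2),
    (10, 7): (10, 7, 1),
}

# Accepts "R10.7.0" or "10.7.0".
VERSION_RE = re.compile(r"^R?(\d+)\.(\d+)\.(\d+)$")


def parse_version(s):
    m = VERSION_RE.match(s.strip())
    if not m:
        raise ValueError(f"unrecognized Sentry version string: {s!r}")
    return tuple(int(x) for x in m.groups())


def fmt(v):
    return "R" + ".".join(map(str, v))


def classify(version):
    """Return (state, action) for one Sentry version string."""
    v = parse_version(version)
    train = v[:2]
    if train in FIXED:
        fixed = FIXED[train]
        if v >= fixed:
            return "patched", "none"
        return "vulnerable", f"upgrade to {fmt(fixed)}"
    if v < min(FIXED.values()):
        # The article says all prior versions across all trains are vulnerable
        # and lists no fix for older trains, so the host has to change trains.
        return "vulnerable", "no fix on this train; upgrade to a fixed train"
    # Assumption: the article lists no train newer than R10.7, so a newer
    # version cannot be judged from it and must be checked against Ivanti.
    return "unknown", "not covered by the advisory text; verify with Ivanti"


def triage_fleet(inventory):
    """inventory: iterable of (hostname, version_string)."""
    rows = []
    for host, version in inventory:
        state, action = classify(version)
        rows.append({"host": host, "version": version, "state": state, "action": action})
    return rows


def suspicious_admins(accounts, since):
    """Admin accounts created at or after `since`: candidates for accounts
    planted through CVE-2026-10523, the authentication bypass the article names."""
    return [
        a["username"]
        for a in accounts
        if a["role"] == "admin" and datetime.fromisoformat(a["created"]) >= since
    ]


# Constructed sample inventory and account export; hostnames, versions and
# account names are made up for the demo.
INVENTORY = [
    ("sentry-dc1", "R10.7.0"),
    ("sentry-dc2", "R10.7.1"),
    ("sentry-eu1", "R10.5.1"),
    ("sentry-eu2", "10.6.2"),
    ("sentry-lab", "R10.4.3"),
    ("sentry-new", "R10.8.0"),
]
ACCOUNTS = [
    {"username": "admin", "role": "admin", "created": "2024-03-02T09:12:00+00:00"},
    {"username": "svc_backup", "role": "admin", "created": "2026-06-11T03:41:17+00:00"},
    {"username": "helpdesk1", "role": "operator", "created": "2026-06-11T04:00:00+00:00"},
]
# Assumption: the June 9 fix release date is used as the cutoff; prefer the
# date of your last verified account audit if you have one.
CUTOFF = datetime(2026, 6, 9, tzinfo=timezone.utc)

if __name__ == "__main__":
    for r in triage_fleet(INVENTORY):
        print(f"{r['host']:<12} {r['version']:<9} {r['state']:<10} {r['action']}")
    print("admin accounts created since cutoff:", suspicious_admins(ACCOUNTS, CUTOFF))
```

The account check is deliberately a coarse filter: an attacker who gained root through CVE-2026-10520 can also edit or backdate records, so an empty result from it does not clear a host that was exposed and unpatched; only the version state plus a forensic review does that.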

Why This Matters

BOD 26-04 represents a fundamental shift in how CISA responds to critical vulnerabilities. The directive explicitly accounts for AI-accelerated exploit development, acknowledging that the window between disclosure and weaponization has collapsed from weeks to hours.

Ivanti products have been a frequent target, and the pattern is not unique to Ivanti: the Check Point VPN zero-day exploited by Qilin ransomware likewise turned a security gateway compromise into a network-wide attack. Organizations running any internet-facing security appliance should review their patch management processes now, before the next 3-day mandate arrives.

The broader trend is clear: perimeter security devices have become the primary attack surface. When the device protecting your network becomes the entry point, the assumption that the perimeter can be trusted no longer holds, and defense-in-depth has to start behind it, with the gateway itself treated as untrusted.
