{"id":271510,"date":"2026-06-12T14:49:00","date_gmt":"2026-06-12T18:49:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/06\/12\/u-s-cisa-adds-ivanti-sentry-flaw-to-its-known-exploited-vulnerabilities-catalog-and-urges-patching-by-june-14\/"},"modified":"2026-06-12T15:50:13","modified_gmt":"2026-06-12T19:50:13","slug":"u-s-cisa-adds-ivanti-sentry-flaw-to-its-known-exploited-vulnerabilities-catalog-and-urges-patching-by-june-14","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/06\/12\/u-s-cisa-adds-ivanti-sentry-flaw-to-its-known-exploited-vulnerabilities-catalog-and-urges-patching-by-june-14\/","title":{"rendered":"U.S. CISA adds Ivanti Sentry\u00a0flaw to its Known Exploited Vulnerabilities catalog and urges patching by June 14"},"content":{"rendered":"

U.S. CISA adds Ivanti Sentry\u00a0flaw to its Known Exploited Vulnerabilities catalog and urges patching by June 14<\/a><\/p>\n

https:\/\/securityaffairs.com\/193557\/security\/u-s-cisa-adds-ivanti-sentry-flaw-to-its-known-exploited-vulnerabilities-catalog-and-urges-patching-by-june-14.html<\/a><\/p>\n

Publish Date: 2026-06-12 14:49:00<\/a><\/p>\n

Source Domain: securityaffairs.com<\/a><\/p>\n

U.S. CISA adds Ivanti Sentry\u00a0flaw to its Known Exploited Vulnerabilities catalog and urges patching by June 14<\/h2>\n<\/p>\n

\t\t\t\t\t\t\t Pierluigi Paganini<\/span>
\n\t\t\t\t\t\t\t\"\"\/ June 12, 2026<\/span><\/p>\n

\t\t\t\t\t\t\"\"\/<\/p>\n

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Sentry flaw to its Known Exploited Vulnerabilities catalog.<\/h2>\n

The U.S. Cybersecurity and Infrastructure Security Agency (CISA)\u00a0added Ivanti Sentry flaw, tracked as CVE-2026-10520 (CVSS score of 10.0), to its Known Exploited Vulnerabilities (KEV) catalog. <\/p>\n

Ivanti Sentry is a secure gateway appliance that sits between an organization\u2019s internal systems and mobile devices, helping companies manage and protect mobile access to corporate resources.<\/p>\n

Threat actors have started exploiting the maximum-severity OS command injection flaw in Ivanti Sentry, that allows remote code execution with root privileges.<\/p>\n

\u201cAn OS Command Injection vulnerability\u00a0in Ivanti\u00a0Sentry before\u00a0the\u00a0R10.5.2, R10.6.2 and R10.7.1\u00a0versions\u00a0allows\u00a0a remote unauthenticated user to achieve root-level remote code execution\u00a0\u201d\u00a0reads the advisory.<\/p>\n

The vulnerability affects the secure mobile gateway used to protect communications between corporate systems and mobile devices. Although Ivanti initially reported no evidence of active attacks, researchers at Shadowserver found that many internet-exposed Sentry gateways had already been backdoored shortly after the security updates were released.<\/p>\n

\u201cWe are observing a large amount of Ivanti Sentry CVE-2026-10520 exploitation attempts based on the public PoC today. We see 19 vulnerable instances in our own scans, with at least 2 backdoored (thanks to\u00a0@NCA_KSA\u00a0for the tip!). However, all remaining likely compromised too.\u201d the Shadowserver Foundation posted on X. \u201cWhile our detection is on the lowish side due to multiple Ivanti Sentry instances not reachable in our scans (blocklisted?), if you have not patched you are most likely compromised. Vuln…<\/p>\n

Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

U.S. CISA adds Ivanti Sentry\u00a0flaw to its Known Exploited Vulnerabilities catalog and urges patching by…<\/p>\n","protected":false},"author":1,"featured_media":271511,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityaffairs.com\/wp-content\/uploads\/2020\/07\/CISA.jpeg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,27],"class_list":["post-271510","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/271510"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=271510"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/271510\/revisions"}],"predecessor-version":[{"id":271512,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/271510\/revisions\/271512"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/271511"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=271510"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=271510"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=271510"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}