CISA has added CVE-2026-10520, an Ivanti Sentry OS command injection vulnerability, to its Known Exploited Vulnerabilities catalog based on active exploitation evidence. The agency reinforced vulnerability management priorities through BOD 26-04, requiring federal agencies to rapidly remediate high-risk vulnerabilities that grant complete system control, and encourages all organizations to adopt similar risk-based approaches.

Why it matters in Western Canada: Western Canadian public sector, healthcare, and energy organizations using Ivanti Sentry should prioritize patching this actively exploited vulnerability to prevent complete system compromise. Canadian organizations should align with CISA’s guidance and federal expectations for vulnerability management.

CVEs: CVE-2026-10520

---

Summary generated from the original advisory. Read the full source: cisa-advisories