Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Watchlists Beta Browse News Feed Stats About Contact

CISA orders FCEB Ivanti Sentry remediation under BOD 26-04

Public Sector Action
First reported
Last updated
Happening score
H score 36
2 unique sources, 2 articles

Summary

Hide ▲

CISA ordered FCEB agencies to secure Ivanti Sentry within three days after confirming CVE-2026-10520 is being actively exploited, creating immediate remediation pressure on federal civilian systems. The directive came under Binding Operational Directive 26-04 and adds the flaw to the KEV Catalog. That combination makes the exposure operationally urgent for any federal deployment that still lacks a fix or acceptable mitigation.

Related Happenings

CISA BOD 26-04 remediation requirements

Advisory/Mitigation
H score31 First: 11.06.2026 15:46 Last: 11.06.2026 15:46 Sources 1

About this happening: CISA’s **Binding Operational Directive 26-04** forces **FCEB agencies** to speed up remediation of high-risk vulnerabilities, with some deadlines as short as **3 days** and new **...

Open Happening

CISA BOD 26-04 prioritizes vulnerability remediation for federal civilian agencies

Public Sector Action
H score27 First: 10.06.2026 15:00 Last: 10.06.2026 15:00 Sources 1

About this happening: **CISA** issued **Binding Operational Directive 26-04** to require **federal civilian agencies** to prioritize vulnerability remediation using **Asset Exposure**, **KEV Status**,...

Open Happening

Ivanti Sentry OS command injection RCE as root (CVE-2026-10520)

Vulnerability
H score48 First: 10.06.2026 09:26 Last: 10.06.2026 09:26 Sources 1

How related: Tracked as CVE-2026-10520 (CVSS score of 10/10), the security defect is described as an OS command injection issue that could be exploited remotely, without authentication, to execute arbitrary code with root privileges.

About this happening: **Ivanti Sentry** has a **critical OS command injection vulnerability**, **CVE-2026-10520**, that can let remote attackers execute code with **root privileges** on the gateway app...

Open Happening

CISA orders FCEB patching for CVE-2026-9082

Public Sector Action
H score42 First: 26.05.2026 11:46 Last: 26.05.2026 11:46 Sources 1

About this happening: **CISA** added **CVE-2026-9082** to the **KEV Catalog** and ordered **FCEB agencies** to patch **Drupal** by **May 27**, turning an actively exploited flaw into a mandatory federa...

Open Happening

CISA KEV order for Copy Fail on federal Linux devices

Public Sector Action
H score42 First: 08.05.2026 10:45 Last: 08.05.2026 10:45 Sources 1

About this happening: **CISA** added **Copy Fail** to the **Known Exploited Vulnerabilities (KEV) Catalog**, making the Linux flaw a federal remediation priority. The agency ordered **federal agencies*...

Open Happening

Timeline

  1. 12.06.2026 03:00 1 articles · 17h ago

    Ivanti releases patches for CVE-2026-10520 in Ivanti Sentry

    Mitigation Patch Update

    Ivanti released patches for CVE-2026-10520 in its security gateway appliance, Ivanti Sentry, and said it had no evidence of in-the-wild exploitation at that time.

    Show sources
    Open in new tab
  2. 12.06.2026 03:00 1 articles · 17h ago

    Shadowserver reports backdoored Ivanti Sentry gateways

    Detection Ioc Update

    Shadowserver reported that attackers had already backdoored many Internet-exposed Ivanti Sentry gateways and said it was observing a large amount of CVE-2026-10520 exploitation attempts based on public PoC code.

    Show sources
    Open in new tab
  3. 12.06.2026 03:00 1 articles · 17h ago

    Binding Operational Directive 26-04 sets federal patching criteria

    Legal Policy Action Update

    Binding Operational Directive 26-04 was issued and superseded BOD 19-02 and BOD 22-01, requiring U.S. federal agencies to prioritize patching when a vulnerable asset is publicly exposed online, the flaw is listed in CISA's KEV Catalog, exploitation can be automated at scale, or successful exploitation can give attackers partial or total control.

    Show sources
    Open in new tab
  4. 12.06.2026 03:00 3 articles · 17h ago

    CISA adds CVE-2026-10520 to the KEV Catalog and orders federal patching

    Legal Policy Action Update

    CISA confirmed that CVE-2026-10520 is actively exploited in attacks, added it to the Known Exploited Vulnerabilities Catalog, and ordered Federal Civilian Executive Branch agencies to secure their Ivanti Sentry instances within three days or discontinue use if mitigations are unavailable.

    Show sources
    Open in new tab