What vulnerability has been identified in Ivanti Sentry?

A critical flaw allowing attackers to gain unauthorized system access is being actively exploited. Technical details remain undisclosed, but the vulnerability is already in use by threat actors.

Why has CISA imposed such a short patching deadline?

The directive follows BOD 26-04, which requires federal agencies to remediate actively exploited vulnerabilities within three days due to high risks to critical infrastructure security.

What are the potential consequences of failing to patch this flaw?

Unpatched vulnerabilities could lead to data breaches, unauthorized network access, and cyberattacks. For government organizations, this poses severe threats to national security.

← All news

Security

CISA Mandates U.S. Agencies to Patch Ivanti Sentry Flaw by Sunday

June 12, 2026

Photo: BleepingComputer

Quick answer

CISA has ordered U.S. federal agencies to patch a critical, actively exploited vulnerability in Ivanti Sentry by August 25.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a directive requiring all federal agencies to patch a critical vulnerability in Ivanti Sentry by August 25. The mandate is based on the newly enacted BOD 26-04, which enforces strict deadlines for addressing actively exploited flaws in government systems.

The flaw in Ivanti Sentry enables threat actors to gain control over vulnerable systems, creating significant security risks. While CISA has not disclosed technical details, it confirmed the vulnerability is already being exploited in attacks. All federal agencies must install patches within three days of the directive's publication.

Experts highlight that such measures aim to mitigate threats to critical infrastructure. Non-compliance may result in restricted access to vulnerable systems. Ivanti has already released security updates, urging all users to apply them immediately.

Common questions

What vulnerability has been identified in Ivanti Sentry?: A critical flaw allowing attackers to gain unauthorized system access is being actively exploited. Technical details remain undisclosed, but the vulnerability is already in use by threat actors.
Why has CISA imposed such a short patching deadline?: The directive follows BOD 26-04, which requires federal agencies to remediate actively exploited vulnerabilities within three days due to high risks to critical infrastructure security.
What are the potential consequences of failing to patch this flaw?: Unpatched vulnerabilities could lead to data breaches, unauthorized network access, and cyberattacks. For government organizations, this poses severe threats to national security.

Dzen feed: /feed/dzen.xml · RSS: /feed.xml