CISA has added a critical Ivanti Sentry vulnerability to its Known Exploited Vulnerabilities catalog, but Ivanti says the exploitation attempts were only observed on honeypots, not actual production systems. The vulnerability, tracked as CVE-2026-10520 with a maximum severity score of 10, allows remote attackers to execute arbitrary code as root, but requires access to a management port that should never be exposed to the internet. Ivanti notes that properly configured deployments have significantly lower risk since the vulnerable interfaces are protected by mutual TLS or should have restricted internet access.