A critical vulnerability in Ivanti Sentry, identified as CVE-2026-10520, has been exploited by attackers, compromising numerous internet-exposed gateways shortly after a patch was released. This maximum-severity OS command injection flaw allows remote code execution with root privileges, enabling threat actors to gain unauthorized access to affected systems. The vulnerability affects Ivanti Sentry versions prior to R10.5.2, R10.6.2, and R10.7.1, and can be exploited by remote unauthenticated users. The swift exploitation of this vulnerability highlights the importance of prompt patching and monitoring for signs of compromise1. As a result, entities using Ivanti Sentry should prioritize patching and assessing their exposure to this vulnerability, taking into account evidence of active exploitation. The exploitation of CVE-2026-10520 expands the active attack surface, making it essential for practitioners to take immediate action to protect their systems.