CISA orders feds to patch Ivanti flaw by Sunday

CISA ordered federal agencies to patch an actively exploited Ivanti Sentry flaw, CVE-2026-10520, within three days under BOD 26-04. The maximum-severity OS command injection vulnerability is under active attack, with Shadowserver warning that unpatched systems are likely compromised.