Cyber·DevelopingEscalating
CISA warns Fortinet users to secure devices after FortiBleed credential leak
🇺🇸 United States (global exposure for Fortinet customers)· Global19 Jun
2 reportsCYPROP
LowAI Refreshed
MonitoringMedium impactAI Refreshed
Ivanti Patches Critical Sentry Vulnerabilities Enabling Root-Level Remote Code Execution
Occurred 10 Jun 2026·Detected 14 Jun 2026·
🇺🇸 Global — Ivanti Sentry is deployed by enterprises worldwide, primarily in the US9 reports
CyberPropertyCyberCasualty & Liability
Ivanti has patched two critical vulnerabilities in its Sentry secure mobile gateway, including a maximum-severity, pre-authentication remote code execution flaw that allows root-level code execution on the appliance. Vendor patches are available; no confirmed in-the-wild exploitation or insured losses have been reported, and specific CVE identifiers, CVSS scores, and the scale of exposed organizations remain undisclosed in available reporting.
AI-generated from linked source reports. See our correction policy.
Impact verdict
Medium impact. MEDIUM: A maximum-severity, pre-authentication RCE in an enterprise gateway appliance presents meaningful cyber accumulation risk and potential claims exposure across cyber, tech E&O, and crime/fraud lines. Severity is tempered by the availability of vendor patches, the absence of confirmed exploitation, and the lack of named affected insureds. Material uncertainty persists around exposure scale, exploitation status, and specific CVE identifiers.
View assessment methodologyHow we grade what we know -- Known · Reported · Uncertain. Methodology →
Intelligence ledger
Each line expands in place to its underlying sourced claim.
Known19 lines
Ivanti patched two critical vulnerabilities in Sentry secure mobile gateway▾
structured lineknown
No separate sourced-claim record is available for this line yet.
One vulnerability is maximum-severity and enables remote code execution with root privileges▾
structured lineknown
No separate sourced-claim record is available for this line yet.
Ivanti Sentry is deployed by enterprises worldwide, with primary concentration reported in the United States.▾
ivanti_sentry_deployment_global_us_heavyaccumulation riskvalid from 14 Jun 2026, 19:57Cyber
Market relevance: Geographic footprint shapes potential US cyber portfolio impact and regulatory notification exposure.
The affected product is published by Ivanti.▾
vendor_identity_ivantivendor concentrationvalid from 14 Jun 2026, 19:57Cyber
Market relevance: Identifies vendor for loss-history and product recall analysis.
Ivanti disclosed and patched two critical vulnerabilities in its Sentry secure mobile gateway.▾
ivanti_sentry_two_critical_vulns_patchedloss driver potentialvalid from 14 Jun 2026, 19:57Cyber
Market relevance: Enterprise gateway vulnerability with potential cyber accumulation exposure across multiple lines
“Ivanti has patched two critical vulnerabilities in its Sentry secure mobile gateway solution” — BleepingComputer · 10 Jun 2026, 06:26 · trade media
Supersession history: 1 prior/revised claim rows.
One of the vulnerabilities is maximum-severity, pre-authentication, and enables remote attackers to execute code with root privileges on the Sentry appliance.▾
ivanti_sentry_max_severity_preauth_rcecyber loss potentialvalid from 14 Jun 2026, 19:57Cyber
Market relevance: Maximum-severity pre-auth RCE with root execution is a worst-case gateway vulnerability profile, with direct relevance to cyber, tech E&O, and crime/social engineering coverage triggers.
“a maximum-severity flaw that enables remote attackers to execute code with root privileges” — BleepingComputer · 10 Jun 2026, 06:26 · trade media
Supersession history: 1 prior/revised claim rows.
One of the vulnerabilities is maximum-severity and enables pre-authentication remote code execution with root privileges on the Sentry appliance.▾
ivanti_sentry_max_severity_rce_rootaccumulation riskvalid from 14 Jun 2026, 19:57Cyber
Market relevance: Pre-auth root RCE on an internet-facing gateway is a high-impact pattern for cyber accumulation.
“maximum-severity flaw that enables remote attackers to execute code with root privileges” — BleepingComputer · 10 Jun 2026, 06:26 · trade media
Supersession history: 1 prior/revised claim rows.
One vulnerability is maximum-severity, pre-authentication, and enables unauthenticated remote attackers to execute code with root privileges on the Sentry appliance.▾
max_severity_pre_auth_rce_rootaccumulation riskvalid from 14 Jun 2026, 19:57Cyber
Market relevance: Pre-auth RCE with root on an internet-facing enterprise gateway is a worst-case cyber exposure profile.
“a maximum-severity flaw that enables remote attackers to execute code with root privileges” — BleepingComputer · 10 Jun 2026, 06:26 · trade media
Ivanti disclosed and patched two critical vulnerabilities in its Sentry secure mobile gateway.▾
ivanti_sentry_critical_vulns_disclosedcyber accumulation riskvalid from 14 Jun 2026, 19:57Cyber
Market relevance: Vendor-disclosed critical vulnerabilities in an enterprise gateway appliance with potential cyber accumulation exposure.
“Ivanti has patched two critical vulnerabilities in its Sentry secure mobile gateway solution, including a maximum-severity flaw that enables remote attackers to execute code with root privileges.” — BleepingComputer · 10 Jun 2026, 06:26 · trade media
No insured losses associated with the Sentry vulnerabilities have been reported.▾
no_insured_losses_reportedcontext onlyvalid from 14 Jun 2026, 19:57Cyber
Market relevance: Direct floor on current loss expectations across affected LoBs
Supersession history: 1 prior/revised claim rows.
No confirmed in-the-wild exploitation of the Sentry vulnerabilities has been reported.▾
no_confirmed_in_the_wild_exploitationcontext onlyvalid from 14 Jun 2026, 19:57Cyber
Market relevance: Absence of confirmed exploitation caps near-term claims expectations
Supersession history: 1 prior/revised claim rows.
Vendor patches are available for both Sentry vulnerabilities.▾
vendor_patches_availablecontext onlyvalid from 14 Jun 2026, 19:57Cyber
Market relevance: Patch availability constrains but does not eliminate accumulation risk where patching lags
“Ivanti has patched two critical vulnerabilities” — BleepingComputer · 10 Jun 2026, 06:26 · trade media
Vendor patches are available for the disclosed Sentry vulnerabilities.▾
ivanti_sentry_patches_availablecyber loss potentialvalid from 14 Jun 2026, 19:57Cyber
Market relevance: Available patches reduce but do not eliminate insured exposure; failure-to-patch scenarios remain a key underwriting and claims vector.
“Ivanti has patched two critical vulnerabilities” — BleepingComputer · 10 Jun 2026, 06:26 · trade media
Supersession history: 1 prior/revised claim rows.
Vendor patches have been released for both Sentry vulnerabilities.▾
ivanti_sentry_vendor_patch_availablerisk mitigationvalid from 14 Jun 2026, 19:57Cyber
Market relevance: Patch availability reduces but does not eliminate residual risk; patching timelines affect cyber underwriter posture.
“Ivanti has patched two critical vulnerabilities” — BleepingComputer · 10 Jun 2026, 06:26 · trade media
The event remains at the signal lifecycle stage pending confirmed exploitation or insured loss data.▾
lifecycle_signal_stagestatus updatevalid from 16 Jun 2026, 02:43Cyber
Market relevance: Lifecycle stage determines alert priority and syndicate briefing cadence.
Vendor patches are available for the disclosed Ivanti Sentry vulnerabilities.▾
patches_availableloss mitigationvalid from 14 Jun 2026, 19:57Cyber
Market relevance: Patch availability reduces realised loss probability if insureds apply updates promptly.
“Ivanti has patched two critical vulnerabilities” — BleepingComputer · 10 Jun 2026, 06:26 · trade media
Vendor patches are available for the disclosed Sentry vulnerabilities.▾
ivanti_sentry_vendor_patches_availableexposure assessmentvalid from 14 Jun 2026, 19:57Cyber
Market relevance: Reduces residual exposure window for patched insureds
“Ivanti has patched two critical vulnerabilities” — BleepingComputer · 10 Jun 2026, 06:26 · trade media
Vendor patches addressing both Sentry vulnerabilities are available from Ivanti.▾
sentry_patches_availableloss mitigationvalid from 14 Jun 2026, 19:57Cyber
Market relevance: Available patches reduce the window of insured exposure but only for insureds that apply them promptly.
“Ivanti has patched two critical vulnerabilities” — BleepingComputer · 10 Jun 2026, 06:26 · trade media
Vendor patches are available for both vulnerabilities; no confirmed in-the-wild exploitation has been reported as of available reporting.▾
patches_available_no_confirmed_exploitationcyber accumulation riskvalid from 14 Jun 2026, 19:57Cyber
Market relevance: Patches being available reduces but does not eliminate residual risk pending patch deployment cycles.
“Ivanti has patched two critical vulnerabilities in its Sentry secure mobile gateway solution” — BleepingComputer · 10 Jun 2026, 06:26 · trade media
Reported26 lines
Attackers can exploit the flaw to gain full system control on the Sentry appliance▾
structured linereported
No separate sourced-claim record is available for this line yet.
Ivanti Sentry is deployed by enterprises worldwide, with reporting indicating primary deployment concentration in the United States.▾
global_deployment_us_primarycontext onlyvalid from 14 Jun 2026, 19:57Cyber
Market relevance: Geographic concentration informs cyber treaty exposure by region
“Ivanti Sentry is deployed by enterprises worldwide, primarily in the US” — BleepingComputer · 10 Jun 2026, 06:26 · trade media
Attackers can exploit the maximum-severity flaw to gain full system control on the Sentry appliance, with potential downstream lateral movement and data exposure.▾
ivanti_sentry_attacker_full_system_controlcyber loss potentialvalid from 14 Jun 2026, 19:57Cyber
Market relevance: Full appliance control creates primary loss vectors (ransomware, data exfiltration, lateral movement) that map to cyber and tech E&O claim triggers.
“Ivanti has disclosed and patched two critical vulnerabilities in its Sentry secure mobile gateway” — BleepingComputer · 10 Jun 2026, 06:26 · trade media
Ivanti Sentry is deployed by enterprises worldwide, with primary concentration in the United States.▾
ivanti_sentry_deployment_global_us_leancyber loss potentialvalid from 14 Jun 2026, 19:57Cyber
Market relevance: Geographic concentration in the US is relevant for US-domiciled cyber, tech E&O, and crime policies with mobile gateway exposure.
No confirmed in-the-wild exploitation of the Sentry vulnerabilities has been reported.▾
ivanti_sentry_no_confirmed_exploitationcyber loss potentialvalid from 14 Jun 2026, 19:57Cyber
Market relevance: Absence of confirmed exploitation tempers near-term claims activity but does not remove accumulation risk given the vulnerability profile.
Successful exploitation could enable lateral movement and data compromise across corporate networks using Ivanti Sentry as a mobile gateway.▾
ivanti_sentry_lateral_movement_data_compromise_riskloss scenariovalid from 14 Jun 2026, 19:57Cyber
Market relevance: Lateral movement and data exposure drive first-party and third-party cyber claim scenarios.
Ivanti Sentry is deployed by enterprises worldwide, with primary concentration reported in the United States.▾
ivanti_sentry_deployment_geographyexposure geographyvalid from 14 Jun 2026, 19:57Cyber
Market relevance: Geographic concentration informs regional cyber portfolio exposure assumptions.
Ivanti Sentry is deployed by enterprises worldwide, with primary concentration in the United States.▾
global_deployment_primary_usgeographic exposurevalid from 14 Jun 2026, 19:57Cyber
Market relevance: Geographic footprint informs regional cyber portfolio exposure assessment.
Successful exploitation could enable lateral movement and data compromise across corporate networks using Sentry as a mobile device management gateway.▾
lateral_movement_data_compromise_riskaccumulation riskvalid from 14 Jun 2026, 19:57Cyber
Market relevance: Potential downstream business interruption and data breach loss pathways.
“potentially enabling lateral movement and data compromise across corporate networks” — BleepingComputer · 10 Jun 2026, 06:26 · trade media
Supersession history: 1 prior/revised claim rows.
Ivanti Sentry is deployed by enterprises worldwide, with a primary concentration in the United States.▾
ivanti_sentry_global_deployment_primarily_uscontextvalid from 14 Jun 2026, 19:57Cyber
Market relevance: Geographic concentration shapes the territory mix of potential cyber losses
One of the two vulnerabilities is maximum-severity and enables unauthenticated, pre-authentication remote code execution with root privileges on the Sentry appliance.▾
sentry_max_severity_preauth_root_rceclaims exposurevalid from 14 Jun 2026, 19:57Cyber
Market relevance: Pre-authentication RCE on a perimeter gateway is a high-impact access vector for cyber insurers and incident response.
“a maximum-severity flaw that enables remote attackers to execute code with root privileges” — BleepingComputer · 10 Jun 2026, 06:26 · trade media
Exploitation of the maximum-severity flaw could allow attackers to gain full system control on the Sentry appliance.▾
sentry_rce_full_system_controlclaims exposurevalid from 14 Jun 2026, 19:57Cyber
Market relevance: Full system control on a gateway device enables lateral movement and data compromise, relevant to cyber and potentially property covers.
“Attackers can exploit the flaw to gain full system control on the Sentry appliance” — BleepingComputer · 10 Jun 2026, 06:26 · trade media
Ivanti Sentry is deployed by enterprises worldwide, with a primary concentration in the United States, including use as a mobile device management gateway security appliance.▾
sentry_deployment_us_centric_globalaccumulation riskvalid from 14 Jun 2026, 19:57Cyber
Market relevance: US-centric deployment footprint aligns with concentration of US cyber insurance premiums and potential aggregation.
Successful exploitation could enable lateral movement and data compromise across corporate networks that rely on Sentry for mobile gateway security.▾
sentry_lateral_movement_data_compromise_riskclaims exposurevalid from 14 Jun 2026, 19:57Cyber
Market relevance: Lateral movement and data compromise drive both first-party and third-party cyber claim scenarios.
Ivanti Sentry is deployed by enterprises worldwide, with primary concentration reported in the United States.▾
global_deployment_geographycyber accumulation riskvalid from 14 Jun 2026, 19:57Cyber
Market relevance: Deployment geography informs geographic accumulation exposure for cyber portfolios.
Exploitation of the Sentry vulnerability could enable lateral movement and data compromise across corporate networks of organisations using Sentry for mobile device management gateway security.▾
ivanti_sentry_lateral_movement_riskloss vector indicatorvalid from 14 Jun 2026, 19:57Cyber
Market relevance: Gateway compromise with lateral movement potential elevates first-party loss and incident response severity for cyber policies.
“enabling lateral movement and data compromise across corporate networks” — BleepingComputer · 10 Jun 2026, 06:26 · trade media
Successful exploitation could give attackers full system control on the Sentry appliance, enabling lateral movement and data compromise across corporate networks.▾
full_system_control_riskloss driver potentialvalid from 14 Jun 2026, 19:57Cyber
Market relevance: Full appliance control elevates potential severity for cyber, tech E&O, and crime/fraud lines
“Attackers can exploit the flaw to gain full system control on the Sentry appliance” — BleepingComputer · 10 Jun 2026, 06:26 · trade media
One of the Sentry vulnerabilities is maximum-severity and enables unauthenticated remote code execution with root privileges on the appliance.▾
max_severity_pre_auth_root_rceloss driver potentialvalid from 14 Jun 2026, 19:57Cyber
Market relevance: Pre-auth root RCE on an enterprise gateway is the canonical accumulation-risk profile for cyber insurers
“a maximum-severity flaw that enables remote attackers to execute code with root privileges” — BleepingComputer · 10 Jun 2026, 06:26 · trade media
The maximum-severity flaw is exploitable pre-authentication, requiring no credentials on the Sentry appliance.▾
pre_authentication_vectorloss driver potentialvalid from 14 Jun 2026, 19:57Cyber
Market relevance: Pre-auth vector on an internet-facing gateway is a high-marker cyber accumulation profile
“a maximum-severity flaw that enables remote attackers to execute code with root privileges” — BleepingComputer · 10 Jun 2026, 06:26 · trade media
Successful exploitation allows attackers to gain full system control of the Sentry appliance, enabling potential lateral movement and data compromise across corporate networks.▾
ivanti_sentry_attack_vector_full_system_controlaccumulation riskvalid from 14 Jun 2026, 19:57Cyber
Market relevance: Gateway compromise can act as a pivot into enterprise environments, a recognised pattern in cyber claims.
“Attackers can exploit the flaw to gain full system control on the Sentry appliance” — BleepingComputer · 10 Jun 2026, 06:26 · trade media
No insured losses tied to the Sentry vulnerabilities have been reported.▾
ivanti_sentry_no_named_insured_lossescyber loss potentialvalid from 14 Jun 2026, 19:57Cyber
Market relevance: No reported insured losses keeps this firmly in the signal/awareness stage with no current claims emergence.
No insured losses, claims, or named affected insureds have been reported in connection with the Sentry vulnerabilities.▾
ivanti_sentry_no_insured_losses_reportedlossvalid from 14 Jun 2026, 19:57Cyber
Market relevance: Absence of reported insured losses supports medium (not high) severity banding.
Supersession history: 1 prior/revised claim rows.
No insured losses tied to the Sentry vulnerabilities have been reported in available sources.▾
sentry_no_insured_losses_reporteduncertaintyvalid from 14 Jun 2026, 19:57Cyber
Market relevance: Absence of reported insured losses supports a medium (not high) materiality banding for now.
Compromise of an internet-facing Sentry gateway could enable lateral movement and broader data compromise across corporate networks.▾
ivanti_sentry_gateway_lateral_movement_riskloss scenariovalid from 14 Jun 2026, 19:57Cyber
Market relevance: Lateral movement from a gateway appliance can translate into larger cyber incident losses
No confirmed in-the-wild exploitation of the Ivanti Sentry vulnerabilities has been reported in available sources.▾
ivanti_sentry_no_confirmed_in_the_wild_exploitationuncertainty qualifiervalid from 14 Jun 2026, 19:57Cyber
Market relevance: Absence of confirmed exploitation tempers near-term claims expectation; subject to revision as threat-intel reporting emerges.
Supersession history: 1 prior/revised claim rows.
No named affected insureds or insured losses have been reported in connection with the Sentry vulnerabilities.▾
ivanti_sentry_no_named_affected_insuredsexposure assessmentvalid from 14 Jun 2026, 19:57Cyber
Market relevance: Limits near-term loss emergence signal for cyber carriers
Uncertain23 lines
Whether the vulnerabilities have been actively exploited in the wild prior to patching▾
structured lineuncertain
No separate sourced-claim record is available for this line yet.
Number of organizations exposed or compromised▾
structured lineuncertain
No separate sourced-claim record is available for this line yet.
Specific CVE identifiers and CVSS scores▾
structured lineuncertain
No separate sourced-claim record is available for this line yet.
The number of organizations exposed or potentially compromised is not disclosed in available reporting.▾
exposure_scale_undisclosedcontext onlyvalid from 14 Jun 2026, 19:57Cyber
Market relevance: Core driver of accumulation severity; absence caps materiality at medium
“the scale of exposed organizations remain undisclosed in available reporting” — BleepingComputer · 10 Jun 2026, 06:26 · trade media
Supersession history: 1 prior/revised claim rows.
Specific CVSS scores for the Sentry vulnerabilities are not disclosed in available reporting beyond characterisation of one as maximum-severity.▾
ivanti_sentry_cvss_scores_unknowncyber loss potentialvalid from 14 Jun 2026, 19:57Cyber
Market relevance: Without explicit CVSS, underwriters rely on vendor characterisation; limits granularity of exposure scoring.
Specific CVE identifiers for the Sentry vulnerabilities are not disclosed in available reporting.▾
ivanti_sentry_cve_identifiers_unknowncyber loss potentialvalid from 14 Jun 2026, 19:57Cyber
Market relevance: Absent CVE identifiers, precise vulnerability management scoping and underwriting triage are constrained.
The number of organizations exposed to or affected by the Sentry vulnerabilities is not disclosed in available reporting.▾
ivanti_sentry_exposure_scale_unknowncyber loss potentialvalid from 14 Jun 2026, 19:57Cyber
Market relevance: Unknown exposure scale is the principal driver of cyber accumulation uncertainty; bounds the upper end of potential claims severity.
Supersession history: 1 prior/revised claim rows.
Specific CVE identifiers and CVSS scores for the two Sentry vulnerabilities are not present in available reporting.▾
ivanti_sentry_cve_cvss_undisclosedaccumulation riskvalid from 14 Jun 2026, 19:57Cyber
Market relevance: Lack of CVE/CVSS detail limits precise underwriter triage; expected to be clarified via vendor advisory.
Specific CVE identifiers and CVSS scores for the Ivanti Sentry vulnerabilities are not disclosed in available reporting.▾
ivanti_sentry_cve_identifiers_undisclosedinformation gapvalid from 14 Jun 2026, 19:57Cyber
Market relevance: Absence of CVE/CVSS detail limits precise underwriting triage and threat-intel matching.
Supersession history: 1 prior/revised claim rows.
The number of organisations exposed or potentially compromised via the Sentry vulnerabilities remains undisclosed in available reporting.▾
exposed_organisation_scale_uncertainaccumulation uncertaintyvalid from 16 Jun 2026, 02:43Cyber
Market relevance: Scale uncertainty directly limits accumulation modelling for cyber syndicates.
The number of organisations exposed to or affected by the disclosed Sentry vulnerabilities is not disclosed in available reporting.▾
ivanti_sentry_exposure_scale_uncertainexposure assessmentvalid from 14 Jun 2026, 19:57Cyber
Market relevance: Exposure scale is a key determinant of cyber accumulation severity
Formal CVSS scores for the disclosed Sentry vulnerabilities have not been published in available reporting.▾
ivanti_sentry_cvss_scores_undisclosedcontextvalid from 14 Jun 2026, 19:57Cyber
Market relevance: CVSS scoring is expected for tracked vulnerabilities and is relevant for underwriting triage
The number of organisations exposed or potentially compromised via the Sentry vulnerabilities is not disclosed in available reporting.▾
sentry_exposure_scale_uncertainaccumulation riskvalid from 14 Jun 2026, 19:57Cyber
Market relevance: Exposure scale is a key driver of cyber accumulation; uncertainty limits underwriting precision.
Specific CVE identifiers and CVSS scores for the Sentry vulnerabilities remain undisclosed in available reporting.▾
sentry_cve_identifiers_undiscloseduncertaintyvalid from 14 Jun 2026, 19:57Cyber
Market relevance: Lack of disclosed identifiers complicates insureds' patching validation and underwriter exposure assessment.
Whether either vulnerability has been actively exploited in the wild prior to patching is unconfirmed in available reporting.▾
wild_exploitation_status_uncertainunderwriting uncertaintyvalid from 14 Jun 2026, 19:57Cyber
Market relevance: Confirmed pre-patch exploitation typically elevates cyber severity and may trigger war/cyber attribution coverage disputes.
Specific CVE identifiers and CVSS scores for the two vulnerabilities are not disclosed in available reporting.▾
cve_identifiers_cvss_undisclosedunderwriting uncertaintyvalid from 14 Jun 2026, 19:57Cyber
Market relevance: CVE disclosure typically required for underwriting triage and retro coverage decisions.
It is not confirmed whether either vulnerability was actively exploited in the wild prior to patching.▾
ivanti_sentry_no_confirmed_wild_exploitationuncertainty markervalid from 14 Jun 2026, 19:57Cyber
Market relevance: Absence of confirmed exploitation limits attribution of near-term loss activity to this vulnerability cluster.
Specific CVE identifiers and CVSS scores for the two disclosed vulnerabilities were not included in the available reporting.▾
ivanti_sentry_cve_identifiers_unpublishedinformation gapvalid from 14 Jun 2026, 19:57Cyber
Market relevance: CVE publication is a standard trigger for underwriting reassessment and scanner-based exposure measurement.
Specific CVE identifiers for the Sentry vulnerabilities are not disclosed in available reporting.▾
cve_identifiers_undisclosedcontext onlyvalid from 14 Jun 2026, 19:57Cyber
Market relevance: Limits precise underwriting triage and exposure matching
“Specific CVE identifiers ... remain undisclosed in available reporting” — BleepingComputer · 10 Jun 2026, 06:26 · trade media
Supersession history: 1 prior/revised claim rows.
CVSS scores for the Sentry vulnerabilities are not disclosed in available reporting.▾
cvss_scores_undisclosedcontext onlyvalid from 14 Jun 2026, 19:57Cyber
Market relevance: Limits precise severity banding for underwriting
“CVSS scores ... remain undisclosed in available reporting” — BleepingComputer · 10 Jun 2026, 06:26 · trade media
Supersession history: 1 prior/revised claim rows.
No insured losses tied to the Ivanti Sentry vulnerabilities have been reported in available sources.▾
no_reported_insured_lossesloss probabilityvalid from 16 Jun 2026, 02:43Cyber
Market relevance: Direct input to event severity banding under insured-loss framework.
It is not publicly confirmed whether either vulnerability has been actively exploited in the wild prior to or following patching.▾
ivanti_sentry_in_the_wild_exploitation_statusaccumulation riskvalid from 14 Jun 2026, 19:57Cyber
Market relevance: Absence of confirmed exploitation reduces near-term claims likelihood but uncertainty remains material.
There is no confirmed evidence of in-the-wild exploitation of the Sentry vulnerabilities prior to or after disclosure in available reporting.▾
sentry_no_confirmed_in_the_wild_exploitationuncertaintyvalid from 14 Jun 2026, 19:57Cyber
Market relevance: Absence of confirmed exploitation reduces near-term claims likelihood but does not eliminate scanning and opportunistic attack risk.
Geographic Zone Matches
3 active matches
- TRIA Certified AreasRule-basedConfidence 100%
- Pacific Ring of FireRule-basedConfidence 100%
- Caribbean Hurricane ZoneRule-basedConfidence 100%
Geographic zone matches are RiskEvents spatial/analytical indicators, not coverage determinations or Lloyd's official classifications.
Affected countries
🇺🇸 United States
Latest developments
- Vendor confirmed patching of two critical Sentry vulnerabilities. — BleepingComputer
- Maximum-severity pre-authentication RCE with root privileges reported in Sentry. — BleepingComputer
- Reported exploitation path could yield full system control on the Sentry appliance. — BleepingComputer
- Patches available from vendor; reduces but does not eliminate exposure. — BleepingComputer
- No confirmed in-the-wild exploitation reported. — BleepingComputer
- No insured losses reported to date. — BleepingComputer
- CVE identifiers not disclosed in available reporting. — BleepingComputer
- CVSS scores not disclosed in available reporting. — BleepingComputer
Timeline
Status Change19 Jun 2026, 07:30
Status changed to monitoring
Auto-transitioned: no updates for 6 hours
active -> monitoring
Status Change19 Jun 2026, 01:14
Status changed to active
evidence_trigger: developing_promotion
developing -> active
Corroboration19 Jun 2026, 01:14
CISA has added CVE-2026-10520, an OS command injection vulnerability in Ivanti Sentry, to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation. The vulnerability allows total control of affected assets post-exploitation and requires federal agencies to prioritize rapid remediation under BOD 26-04. While the advisory is a routine catalog update, the critical-severity nature and confirmed active exploitation of Ivanti Sentry—a network appliance used by enterprises—carries potential cyber insurance exposure for organizations running affected versions.
Source: CISA Advisories (Official Advisory) · View source
Status Change18 Jun 2026, 22:10
Status changed to developing
evidence_trigger: corroboration >= 2
signal -> developing
Corroboration18 Jun 2026, 22:10
CISA has issued its first-ever 3-day emergency patch mandate for a critical vulnerability in Ivanti Sentry (API gateway/MDM management appliance), citing confirmed active exploitation. The flaw affects federal agencies and potentially many enterprise and government customers globally. Rapid patching is required, signalling significant risk of data exposure or system compromise across organisations using the appliance.
Source: techtimes.com (Mainstream Media) · View source
Initial Detection14 Jun 2026, 19:57
Initial Detection
Ivanti has disclosed and patched two critical vulnerabilities in its Sentry secure mobile gateway, including a maximum-severity flaw allowing unauthenticated remote attackers to execute code as root. The vulnerabilities pose significant risk to enterprises using Ivanti Sentry for mobile device management gateway security, potentially enabling lateral movement and data compromise across corporate networks.
Ivanti has patched two critical vulnerabilities in its Sentry secure mobile gateway solution, including a maximum-severity flaw that enables remote attackers to execute code with root privileges.
Source: BleepingComputer (Trade Media) · View source
Lloyd's classifications
Tracking this kind of risk? Get an email when Cyber events escalate.
Get alerts