CISA warns Ivanti zero-day is under active attack, urges immediate patching

The U.S. Cybersecurity and Infrastructure Security Agency has warned that a newly disclosed Ivanti vulnerability is being actively exploited, raising the risk for organizations that rely on the company’s software. The agency added the flaw, tracked as CVE-2026-XXXX, to its Known Exploited Vulnerabilities catalog after reports of real-world attacks.

CISA’s move signals that the issue is not theoretical. When a flaw reaches the exploited-vulnerabilities list, it means attackers are already using it against exposed systems, making speed essential for defenders. Federal agencies have been told to patch without delay, and other organizations using the affected products are being urged to follow suit.

Ivanti has faced repeated scrutiny in recent years as security teams race to contain serious bugs in its remote access and enterprise tools. Incidents like this highlight how quickly unpatched software can become a gateway for intrusions, data theft, and wider network compromise.

For administrators, the immediate priority is to identify any affected deployments, apply vendor guidance, and monitor for signs of compromise. Security experts typically recommend extra logging, access review, and network segmentation while remediation is underway, especially when active exploitation is already underway.