Yes, another Ivanti KEV. The command injection flaw lets a remote unauthenticated user run OS commands with root privileges — no credentials, no foothold required — and CISA's addition confirms in-the-wild exploitation is happening now, not theoretically. Ivanti has had a rough stretch of KEV additions this year. Teams running Sentry deployments should treat this as active incident triage: check exposure, apply available patches, and audit for signs of compromise. If no patch is yet available, restrict network access to the management interface immediately.