Ivanti released patches in the current disclosure cycle addressing authentication bypass and OS command injection class vulnerabilities across its network appliance and VPN gateway product lines. Ivanti’s sustained presence on the CISA KEV catalog and documented history of rapid post-disclosure exploitation make this a high-urgency patching event even without confirmed active exploitation at time of publication. The window between Ivanti disclosure and weaponization has historically been measured in days, not weeks.