Two CVSS 9.5 authentication bypass vulnerabilities in Ivanti Standalone Sentry were actively exploited within 24 hours of public disclosure, with evidence of pre-disclosure reconnaissance suggesting threat actors had pre-mapped Ivanti Sentry deployments before the advisory was published. Ivanti Sentry serves as a gateway controlling mobile device access to enterprise email and internal applications, so successful exploitation grants unauthenticated access to corporate communications infrastructure and downstream enterprise systems. This is an emergency patching event — CERT-EU issued advisory 2026-008 and the EPSS score of 0.4791 places these CVEs at the 97.8th percentile for exploitation probability.