[Verse 1]
Two vulnerabilities sitting in the queue
June eighteen, twenty-twenty-six, they're coming straight for you
First one hits PeopleSoft, Oracle's enterprise kit
PeopleTools is missing something — authentication's the bit
No password, no handshake, no credential at the door
An unauthenticated stranger walking straight across the floor
Full takeover waiting, ransomware's at the gate
CVE-2026-35273, don't wait

[Chorus]
Patch the function with no lock, patch it now before the knock
Ransomware's already sniffing at the frame
Ivanti Sentry's cracking wide, OS commands slipping inside
Root-level execution — attackers claim the name
These aren't hypotheticals, these are live and critical
Seal the entry points before the damage lands
CVE-2026-35273 and ten-five-twenty
Both wide open — security demands

[Verse 2]
Second target — Ivanti Sentry, formerly MobileIron's child
Remote unauthenticated user running commands wild
OS command injection, no credentials in the mix
A stranger typing root-level instructions, getting fixes
CVE-2026-10520 is the label on this wound
Sentry's supposed to guard your mobile fleet, instead it's getting pruned
Remote code execution at the highest privilege tier
No login necessary — that's the detail you should fear

[Chorus]
Patch the function with no lock, patch it now before the knock
Ransomware's already sniffing at the frame
Ivanti Sentry's cracking wide, OS commands slipping inside
Root-level execution — attackers claim the name
These aren't hypotheticals, these are live and critical
Seal the entry points before the damage lands
CVE-2026-35273 and ten-five-twenty
Both wide open — security demands

[Verse 3]
Your security team is staring at the screen
Two CVSS tens — the worst scores ever seen
HR data, payroll records, everything exposed
One unpatched system and the enterprise gets hosed
Defenders need to audit every internet-facing node
Check your Sentry version, check your PeopleTools load
The advisory dropped, the clock is ticking down the hall
One missed update and attackers own it all

[Bridge]
Missing authentication means the bouncer never showed
Command injection means the payload found its road
Two different vendors, two different broken chains
PeopleSoft and Sentry — different products, matching pains
Ransomware's already flagged the PeopleTools flaw
That's the signal — active targeting, not theory anymore
Prioritize your patching, run the vendor advisory
June eighteen is the timestamp — move with urgency

[Chorus]
Patch the function with no lock, patch it now before the knock
Ransomware's already sniffing at the frame
Ivanti Sentry's cracking wide, OS commands slipping inside
Root-level execution — attackers claim the name
These aren't hypotheticals, these are live and critical
Seal the entry points before the damage lands
CVE-2026-35273 and ten-five-twenty
Both wide open — security demands