CYBERHAWK / CVE / CVE-2026-10520

CVE-2026-10520

Sentry

ACTIVELY EXPLOITED (KEV) other

The flaw

Ivanti Sentry (formerly known as MobileIron Sentry) contains an OS command injection vulnerability which could allow a remote unauthenticated user to achieve root-level remote code execution. This vulnerability can be successfully exploited

What to do

Review advisory and patch per vendor guidance.

▸ Scan my repo for CVE-2026-10520

References

NVD CISA KEV OSV GitHub Advisory MITRE News search

In the news

More Evidence That Words Don't Mean What We Thought They Meant (Ivanti Sentry Pre-Auth OS Command Injection CVE-2026-10520)watchTowr Labs · 2026-06-10
Critical Ivanti Sentry flaw allows root-level remote code execution (CVE-2026-10520)Help Net Security · 2026-06-10
CVE-2026-10520 Exploited: Ivanti Sentry Gateways Compromised Shortly After Patch ReleaseSecurity Affairs · 2026-06-11

First seen 2026-06-12 · Tracked by PickBits CyberHawk · Weekly CVE digest

← All CVEs RSS Scheduled audits