Critical Ivanti Sentry Flaw Allows Remote Code Execution as Root
Severity: High (Score: 70.5)
Sources: vulnerability.circl.lu, www.cve.org, Digital.Nhs.Uk, Aiweekly.Co, Bleepingcomputer
Keywords: ivanti, sentry, flaw, code, root, enables, remote
Severity indicators: flaw, ot
Summary
Ivanti has patched two critical vulnerabilities in its Sentry secure mobile gateway, including CVE-2026-10520, which allows remote attackers to execute code with root privileges via OS command injection. The second vulnerability, CVE-2026-10523, is an authentication bypass that enables unauthenticated attackers to create rogue administrative accounts. Both vulnerabilities were disclosed on June 9, 2026, with no evidence of active exploitation reported at the time. The affected versions are prior to R10.5.2, R10.6.2, and R10.7.1. The Cybersecurity and Infrastructure Security Agency (CISA) has previously warned about Ivanti vulnerabilities being targeted in attacks. Security teams are advised to upgrade their systems to mitigate potential risks. Ivanti serves over 40,000 clients globally, making the impact potentially widespread.

Key Points:
- CVE-2026-10520 allows remote code execution with root privileges.
- CVE-2026-10523 enables unauthenticated attackers to gain administrative access.
- No active exploitation has been confirmed at the time of disclosure.
Detailed Analysis
**Impact** Ivanti Sentry users, including enterprises relying on secure mobile gateway solutions, are affected globally, with over 40,000 clients potentially exposed. The vulnerabilities allow remote code execution as root and administrative account creation, risking full system compromise and unauthorized access to corporate networks. This could lead to data breaches involving sensitive corporate and customer information, impacting sectors that depend on Ivanti's security appliances. No active exploitation has been reported at the time of disclosure.

**Technical Details** The primary vulnerability (CVE-2026-10520) is an OS command injection flaw enabling unauthenticated remote attackers to execute code with root privileges. A second critical flaw (CVE-2026-10523) allows authentication bypass to create rogue administrative accounts remotely. The attack vector is remote and pre-authentication, affecting Ivanti Sentry versions prior to R10.5.2, R10.6.2, and R10.7.1. No malware or specific tools have been identified, and no indicators of compromise are currently available.

**Recommended Response** Apply Ivanti Sentry patches immediately by upgrading to versions R10.5.2, R10.6.2, or R10.7.1. Deploy detection rules available from Rulezet and monitor for unusual administrative account creation or command execution activity. Maintain heightened vigilance for proof-of-concept exploits expected soon and monitor relevant threat intelligence sources for updates.
Source articles (6)
- Ivanti Sentry Pre-Auth RCE Scores Perfect CVSS 10 — Aiweekly.Co · 2026-06-10
  Government advisory adds official exploitation-status assessment: no active exploitation at disclosure, PoC expected soon, medium probability but high damage potential, lists all three patched branche…
- Ivanti: Max severity Sentry flaw allows code execution as root — Bleepingcomputer · 2026-06-10
  Security software company Ivanti has released patches to address two critical vulnerabilities in its Sentry secure mobile gateway solution, including a maximum-severity flaw that enables remote attack…
- CC-4795 — Digital.Nhs.Uk · 2026-06-10
  If exploited, two critical vulnerabilities could allow for unauthenticated OS command injection or authentication bypass
- Ncsc 2026 0180 — vulnerability.circl.lu · 2026-06-10
  An OS Command Injection vulnerability in Ivanti Sentry versions prior to R10.5.2, R10.6.2, and R10.7.1 enables remote unauthenticated attackers to execute code with root privileges. Detection rules ar…
- Status Published CVE-2026-10520 An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution — www.cve.org · 2026-06-10
- Status Published CVE-2026-10523 An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access — www.cve.org · 2026-06-10
Timeline
- 2026-06-09 — CVE-2026-10520 and CVE-2026-10523 published: Ivanti disclosed two critical vulnerabilities affecting Sentry versions prior to R10.5.2, R10.6.2, and R10.7.1.
- 2026-06-10 — Patches released for vulnerabilities: Ivanti released updates to address the critical vulnerabilities in Sentry, urging clients to upgrade immediately.
- Recent — CISA issues warning on Ivanti vulnerabilities: CISA previously alerted federal agencies to patch Ivanti devices due to high-severity vulnerabilities being exploited.
Related entities
- Zero-day Exploit (Attack Type)
- CWE-287 - Improper Authentication (Cwe)
- CWE-78 - OS Command Injection (Cwe)
- Government (Industry)
- T1059 - Command and Scripting Interpreter (Mitre Attack)
- T1136.001 - Local Account (Mitre Attack)
- Ivanti Sentry (Platform)
- MobileIron Sentry (Platform)
- SolarWinds (Company)