CVE Details

CVE-2026-10520 Ivanti Sentry OS Command Injection Vulnerability
Published: 2026-06-11 CVSS: 10 CRITICAL Product: Ivanti Sentry Due Date: 2026-06-14

Ivanti Sentry (formerly known as MobileIron Sentry) contains an OS command injection vulnerability which could allow a remote unauthenticated user to achieve root-level remote code execution. This vulnerability can be successfully exploited in cases where the Sentry appliance is in an unmanaged state with its endpoints externally reachable. The use of mTLS with EPMM or restricted HTTPS access through Neurons for MDM makes interfaces inaccessible to external actors.

GitHub PoC

Warning: GitHub PoC repositories are unverified. Some may be fake or contain malware. Use caution and review code before running anything.

FIRST EPSS

EPSS estimates the probability of exploitation in the next 30 days. Higher values indicate higher likelihood of real-world exploitation.

Timeline

CVE Stalker KEV MITRE GitHub FIRST (EPSS)

MITRE

CVSS

  • Score: 10
  • Severity: CRITICAL
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

SSVC

  • Exploitation: active
  • Automatable: yes
  • Technical Impact: total

References

Show Raw Data
Key Remaining Key Value
dataType CVE_RECORD
dataVersion 5.2
cveMetadata > cveId CVE-2026-10520
cveMetadata > assignerOrgId 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
cveMetadata > state PUBLISHED
cveMetadata > assignerShortName ivanti
cveMetadata > dateReserved 2026-06-01T08:47:35.793Z
cveMetadata > datePublished 2026-06-09T14:10:21.581Z
cveMetadata > dateUpdated 2026-06-11T19:19:08.088Z
containers > cna > providerMetadata > orgId 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
containers > cna > providerMetadata > shortName ivanti
containers > cna > providerMetadata > dateUpdated 2026-06-09T14:10:21.581Z
containers > cna > problemTypes > 0 > descriptions > 0 > lang en
containers > cna > problemTypes > 0 > descriptions > 0 > cweId CWE-78
containers > cna > problemTypes > 0 > descriptions > 0 > description CWE-78 Improper neutralization of special elements used in an OS command ('OS command injection')
containers > cna > problemTypes > 0 > descriptions > 0 > type CWE
containers > cna > impacts > 0 > capecId CAPEC-248
containers > cna > impacts > 0 > descriptions > 0 > lang en
containers > cna > impacts > 0 > descriptions > 0 > value CAPEC-248 Command Injection
containers > cna > affected > 0 > vendor ivanti
containers > cna > affected > 0 > product Sentry
containers > cna > affected > 0 > versions > 0 > status unaffected
containers > cna > affected > 0 > versions > 0 > version R10.5.2
containers > cna > affected > 0 > versions > 1 > status unaffected
containers > cna > affected > 0 > versions > 1 > version R10.6.2
containers > cna > affected > 0 > versions > 2 > status unaffected
containers > cna > affected > 0 > versions > 2 > version R10.7.1
containers > cna > affected > 0 > defaultStatus affected
containers > cna > descriptions > 0 > lang en
containers > cna > descriptions > 0 > value An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution
containers > cna > descriptions > 0 > supportingMedia > 0 > type text/html
containers > cna > descriptions > 0 > supportingMedia > 0 > base64 False
containers > cna > descriptions > 0 > supportingMedia > 0 > value An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution 
containers > cna > references > 0 > url https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2026-10520-CVE-2026-10523?language=en_US
containers > cna > metrics > 0 > format CVSS
containers > cna > metrics > 0 > scenarios > 0 > lang en
containers > cna > metrics > 0 > scenarios > 0 > value GENERAL
containers > cna > metrics > 0 > cvssV3_1 > version 3.1
containers > cna > metrics > 0 > cvssV3_1 > attackVector NETWORK
containers > cna > metrics > 0 > cvssV3_1 > attackComplexity LOW
containers > cna > metrics > 0 > cvssV3_1 > privilegesRequired NONE
containers > cna > metrics > 0 > cvssV3_1 > userInteraction NONE
containers > cna > metrics > 0 > cvssV3_1 > scope CHANGED
containers > cna > metrics > 0 > cvssV3_1 > confidentialityImpact HIGH
containers > cna > metrics > 0 > cvssV3_1 > integrityImpact HIGH
containers > cna > metrics > 0 > cvssV3_1 > availabilityImpact HIGH
containers > cna > metrics > 0 > cvssV3_1 > baseSeverity CRITICAL
containers > cna > metrics > 0 > cvssV3_1 > baseScore 10
containers > cna > metrics > 0 > cvssV3_1 > vectorString CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
containers > cna > source > discovery UNKNOWN
containers > cna > x_generator > engine Vulnogram 1.0.2
containers > adp > 0 > references > 0 > url https://github.com/watchtowrlabs/watchTowr-vs-Ivanti-Sentry-RCE-CVE-2026-10520-CVE-2026-10523
containers > adp > 0 > references > 0 > tags > 0 exploit
containers > adp > 0 > references > 1 > url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-10520
containers > adp > 0 > references > 1 > tags > 0 government-resource
containers > adp > 0 > metrics > 0 > other > type ssvc
containers > adp > 0 > metrics > 0 > other > content > timestamp 2026-06-11T19:17:49.101203Z
containers > adp > 0 > metrics > 0 > other > content > id CVE-2026-10520
containers > adp > 0 > metrics > 0 > other > content > options > 0 > Exploitation active
containers > adp > 0 > metrics > 0 > other > content > options > 1 > Automatable yes
containers > adp > 0 > metrics > 0 > other > content > options > 2 > Technical Impact total
containers > adp > 0 > metrics > 0 > other > content > role CISA Coordinator
containers > adp > 0 > metrics > 0 > other > content > version 2.0.3
containers > adp > 0 > title CISA ADP Vulnrichment
containers > adp > 0 > providerMetadata > orgId 134c704f-9b21-4f2e-91b3-4a467353bcc0
containers > adp > 0 > providerMetadata > shortName CISA-ADP
containers > adp > 0 > providerMetadata > dateUpdated 2026-06-11T19:19:08.088Z