Ivanti Sentry (formerly known as MobileIron Sentry) contains an OS command injection vulnerability which could allow a remote unauthenticated user to achieve root-level remote code execution. This vulnerability can be successfully exploited in cases where the Sentry appliance is in an unmanaged state with its endpoints externally reachable. The use of mTLS with EPMM or restricted HTTPS access through Neurons for MDM makes interfaces inaccessible to external actors.
[POC] CVE-2026-10520 — CVE-2026-10520
Root-Level RCE via OS Command Injection in Ivanti Sentry
[POC] CVE-2026-10520 — CVE-2026-10520
CVE-2026-10520
[POC] CVE-2026-10520 — CVE-2026-10520-10523
CVE-2026-10520 and CVE-2026-10523
[POC] CVE-2026-10520 — CVE-2026-10520
CVE-2026-10520 - Ivanti Sentry Pre-Auth OS Command Injection Mass Scanner
Get alerted for CVEs like this
Register your stack and get notified within minutes when a matching CVE drops.
Start monitoring free