Ivanti Sentry pre-auth RCE (CVE-2026-10520) – CVSS 10.0, public PoC, CISA KEV
4 hours ago
- #Cybersecurity
- #Vulnerability
- #Ivanti
- CVE-2026-10520 is a critical unauthenticated OS command injection vulnerability in Ivanti Sentry with a CVSS score of 10.0. It allows remote code execution as root and is listed in CISA's KEV catalog with a 3-day remediation deadline.
- Affected versions include Ivanti Sentry R10.5.x, R10.6.x, and R10.7.x before R10.5.2, R10.6.2, or R10.7.1; a public PoC is available, and exploitation is confirmed in the wild.
- To find exposed instances, scan for port 8443, inspect TLS certificates for Ivanti/MobileIron indicators, fingerprint HTTP response headers, query DNS for typical naming patterns, and use tools such as RECON or SHODAN.
- Remediation involves immediate patching, restricting network access to port 8443, using mTLS, checking for compromise indicators, and addressing related CVE-2026-10523, an authentication bypass with CVSS 9.9.
- Ivanti Sentry serves as a gateway for mobile device traffic, often in DMZs; compromise can lead to pivoting into email servers and internal networks, making rapid identification and patching essential.