CVE-2026-10520, CVE-2026-10523: Ivanti Sentry — Remote Root Code Execution Risk (June 2024)

breachwire Team | Jun 11, 2026 | 2 min read

CVE-2026-10520, CVE-2026-10523 — Ivanti Sentry

Two critical vulnerabilities, CVE-2026-10520 and CVE-2026-10523, have been identified in the Ivanti Sentry secure mobile gateway. Both carry a maximum severity rating and allow unauthenticated remote attackers to execute arbitrary code as root. There is currently no evidence of exploitation in the wild, but the risk profile is high and immediate remediation is advised.

Attack Vector

The primary flaw is an OS command injection vulnerability accessible over the network. Attackers can exploit this by sending crafted requests to exposed Sentry interfaces, enabling execution of arbitrary commands with root privileges. Successful exploitation can also result in the creation of rogue administrative accounts, granting persistent control over the device. No specific indicators of compromise have been published, but network traffic anomalies and unauthorized administrative actions are likely signals.

Who Is at Risk

All organizations deploying Ivanti Sentry devices are affected. The vulnerabilities impact supported versions of Ivanti Sentry used globally as secure mobile gateways. Enterprises relying on Sentry for mobile device access control and secure email are at elevated risk, especially if management interfaces are internet-exposed.

Patch & Mitigate

  • Patch: Apply the latest Ivanti Sentry security updates released June 2024. Check Ivanti’s advisory for exact version details and deploy patches immediately.
  • Workaround: No official workaround is available. Restrict network access to Sentry management interfaces as a temporary measure.
  • Detect: Monitor logs for unusual administrative account creation, unexpected root-level actions, and anomalous inbound requests to Sentry endpoints.
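
The signals in the Detect item are more useful correlated than alone. The following is an added example, not code from breachwire or Ivanti: it flags requests from outside a management subnet and escalates any unapproved account created shortly afterwards. It assumes the appliance's syslog is forwarded to a collector; the log formats, hostname, paths, approved-account list, subnet and 10-minute window are all constructed placeholders.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Assumptions (placeholders, not from the article or Ivanti documentation):
APPROVED_ACCOUNTS = {"admin", "svc-backup"}           # accounts you expect to exist
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]    # where admins connect from
WINDOW = timedelta(minutes=10)                        # correlation window

# Assumed formats: shadow-utils "new user" records and a simplified request log.
USERADD = re.compile(r'^(\S+) \S+ useradd\[\d+\]: new user: name=([^,\s]+)')
REQUEST = re.compile(r'^(\S+) \S+ httpd: (\S+) "\w+ \S+')

# Constructed sample lines, not real appliance output.
SAMPLE = """\
2026-06-11T02:14:07+00:00 sentry01 httpd: 10.20.0.15 "GET /placeholder HTTP/1.1" 200
2026-06-11T03:41:52+00:00 sentry01 httpd: 203.0.113.77 "POST /placeholder HTTP/1.1" 200
2026-06-11T03:42:10+00:00 sentry01 useradd[4411]: new user: name=support2, UID=1002, GID=1002, home=/home/support2, shell=/bin/bash
2026-06-11T09:00:00+00:00 sentry01 useradd[5120]: new user: name=svc-backup, UID=1003, GID=1003, home=/home/svc-backup, shell=/bin/bash
"""

def in_mgmt_net(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in MGMT_NETS)

def analyze(text):
    """Return alerts as (severity, timestamp, detail) tuples, in log order."""
    alerts, outside = [], []  # outside: (time, ip) of requests from unexpected sources
    for line in text.splitlines():
        if m := REQUEST.match(line):
            ts, ip = datetime.fromisoformat(m[1]), m[2]
            if not in_mgmt_net(ip):
                outside.append((ts, ip))
                alerts.append(("medium", ts, f"management request from {ip}"))
        elif m := USERADD.match(line):
            ts, name = datetime.fromisoformat(m[1]), m[2]
            if name in APPROVED_ACCOUNTS:
                continue
            # Escalate when an out-of-network request shortly preceded the creation.
            near = [ip for t, ip in outside if timedelta(0) <= ts - t <= WINDOW]
            detail = f"unapproved account {name}"
            if near:
                detail += f" after request from {near[-1]}"
            alerts.append(("high" if near else "medium", ts, detail))
    return alerts

if __name__ == "__main__":
    for severity, ts, detail in analyze(SAMPLE):
        print(f"{severity:6} {ts.isoformat()} {detail}")
```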

MITRE ATT&CK

  • TA0001 — Initial Access: Attackers can remotely access and exploit the vulnerable Sentry interface.
  • TA0003 — Persistence: Creation of rogue admin accounts enables ongoing control over compromised devices.

Source: https://www.bleepingcomputer.com/news/security/new-max-severity-ivanti-sentry-flaw-allows-code-execution-as-root/
