CyberSec.Space Logo
Back to CVE Browser

CVE-2026-10520

Known Exploited (CISA KEV)CRITICAL
10.0
CVSS Severity Score
EPSS Score70.5730%
EPSS Percentile97.41th
PublishedJun 9, 2026
Last ModifiedJun 12, 2026

Vulnerability Description

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution

Affected Platforms (CPE)

📦
Ivanti

Sentry

Refer to description

References & Advisories

🔗 https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2026-10520-CVE-2026-10523?language=en_US
🔗 https://github.com/watchtowrlabs/watchTowr-vs-Ivanti-Sentry-RCE-CVE-2026-10520-CVE-2026-10523
🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-10520

Related Vulnerabilities

CVE-2008-132010.0

Multiple buffer overflows in ASG-Sentry Network Manager 7.0.0 and earlier allow remote attackers to execute arbitrary code or caus...

CVE-2020-155059.8

A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, ...

CVE-2013-72879.8

MobileIron VSP < 5.9.1 and Sentry < 5.0 has an insecure encryption scheme.

CVE-2016-45209.8

Schneider Electric Pelco Digital Sentry Video Management System with firmware before 7.14 has hardcoded credentials, which allows ...