Skip to main content

Ivanti Sentry CVE-2026-10520

| EUVD-2026-35440 CRITICAL
OS Command Injection (CWE-78)
2026-06-09 ivanti GHSA-v2vc-rgvq-3pwf
RCE Ivanti Command Injection Sentry
10.0
CVSS 3.1 · Vendor: ivanti
Share

Severity by source

Vendor (ivanti) PRIMARY
10.0 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
ENISA EUVD
CRITICAL
qualitative

Primary rating from Vendor (ivanti).

CVSS VectorVendor: ivanti

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Added to CISA KEV
Jun 11, 2026 - 19:16 CISA
Analysis Generated
Jun 09, 2026 - 15:45 vuln.today
CVE Published
Jun 09, 2026 - 14:10 nvd
CRITICAL 10.0

DescriptionCVE.org

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution

Articles & Coverage 4

labs.watchtowr.com Ivanti Sentry Pre-Auth RCE (CVE-2026-10520) and Auth Bypass (CVE-2026-10523) - CVSS 10 Dual Vulnerabilities Jun 10, 2026 News 3 New Ivanti Vulnerabilities - 2 Critical, 1 High Severity Jun 10, 2026 POC Ivanti Sentry Auth Bypass + RCE PoC: CVE-2026-10520 & CVE-2026-10523 Jun 09, 2026 News Critical RCE in Ivanti Sentry (Unauthenticated OS Command Injection) - CVE-2026-10520 Jun 09, 2026

AnalysisAI

Remote code execution in Ivanti Sentry before R10.5.2, R10.6.2, and R10.7.1 allows unauthenticated remote attackers to achieve root-level command execution via OS command injection. With a maximum CVSS score of 10.0 and a network-accessible, no-interaction attack vector, this represents a critical exposure for any internet-facing Sentry appliance, though no public exploit has been identified at time of analysis.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify exposed Sentry interface
Delivery
Send crafted HTTP request with injected shell metacharacters
Exploit
Trigger OS command injection in unsanitized parameter
Execution
Execute arbitrary commands as root
Persist
Extract credentials and deploy webshell
Impact
Pivot to Exchange and Active Directory
Sign in to reveal

Vulnerability AssessmentAI

Exploitation No special conditions - remote unauthenticated exploitation against default configurations of Ivanti Sentry where the attacker has network reachability to the vulnerable service endpoint (CVSS AV:N/AC:L/PR:N/UI:N). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment All available signals point to this being a top-priority issue: CVSS 10.0 with AV:N/AC:L/PR:N/UI:N means trivially reachable over the network with no authentication or user interaction, and C:H/I:H/A:H with S:C means full host compromise crossing trust boundaries. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker scans for internet-exposed Ivanti Sentry administrative or system interfaces, then sends a single crafted HTTP request containing shell metacharacters in a parameter that is passed unsanitized to an OS command. The injected command executes as root on the appliance, giving the attacker a foothold from which to harvest configuration secrets (Kerberos keytabs, Exchange service credentials, certificates), pivot into the internal Exchange/AD environment, and deploy a persistent webshell or reverse tunnel.
Remediation Vendor-released patches are available: upgrade to Ivanti Sentry R10.5.2, R10.6.2, or R10.7.1 (or later) on the corresponding maintenance branch per the advisory at https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2026-10520-CVE-2026-10523?language=en_US. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Identify all Ivanti Sentry deployments and immediately isolate or disconnect any internet-facing instances from public networks. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-10520 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy