CVE-2026-10520: Critical Ivanti Sentry Flaw Gives Attackers Root Access

A maximum-severity vulnerability in Ivanti Sentry, tracked as CVE-2026-10520, lets a remote, unauthenticated attacker run commands as root on the appliance. It carries a CVSS score of 10.0, it's already in CISA's Known Exploited Vulnerabilities catalog, and security researchers have confirmed internet-exposed gateways being backdoored within a day of a public proof of concept. If you run Ivanti Sentry with an internet-reachable management interface, patch to a fixed version today and assume compromise until you've checked.

What is CVE-2026-10520?

CVE-2026-10520 is an OS command injection vulnerability (CWE-78) in Ivanti Sentry, the secure mobile gateway formerly known as MobileIron Sentry. The flaw lets a remote attacker with no credentials send a crafted request to an exposed management endpoint, which the backend then parses and executes as a system command with root privileges. The result is full, root-level remote code execution on the appliance.

Ivanti Sentry sits inline between an organization's mobile device fleet and its back-end corporate systems, most commonly Microsoft Exchange for ActiveSync email. That position is what makes this one bad. A root-level compromise of Sentry is, in practice, unrestricted access to every mailbox, application, and authentication path the appliance brokers. Ivanti disclosed the issue on June 9, 2026, and credited it to its responsible disclosure program without naming a specific researcher.

What products and versions are affected?

The vulnerability affects Ivanti Sentry (formerly MobileIron Sentry) in the following version ranges, per the NVD entry for CVE-2026-10520:

  • Ivanti Sentry before R10.5.2
  • Ivanti Sentry R10.6.0 and later, but before R10.6.2
  • Ivanti Sentry R10.7.0

Exposure depends heavily on how the appliance is deployed. The vulnerability is exploitable when Sentry is in an unmanaged state with its endpoints externally reachable, specifically the management interface on port 8443. Deployments that use mTLS with Ivanti EPMM, or restricted HTTPS access through Ivanti Neurons for MDM, keep that interface inaccessible to external actors and are not exposed in the same way. Management interfaces should never face the public internet, but in practice many do.

A second critical flaw, CVE-2026-10523, was disclosed and patched at the same time. It's an authentication bypass that lets an attacker create a rogue administrative account. The two are natural companions: an attacker who gets root through the command injection can use the bypass to add a rogue admin account that persists until someone notices it, or work in the other order. Chaining isn't required, though. The command injection needs no credentials at all (PR:N in the vector below), and either flaw alone is enough for a full takeover.

How severe is it?

CVE-2026-10520 carries a CVSS 3.1 base score of 10.0 (Critical), the maximum possible, with the vector AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. That score comes from Ivanti as the CNA. At the time of writing, NVD has not yet published its own assessment, and no CVSS 4.0 score has been issued.

The vector tells the story. The attack is network-reachable (AV:N), low in attack complexity (AC:L), needs no privileges (PR:N) and no user interaction (UI:N). Scope is changed (S:C), meaning the impact reaches beyond the vulnerable component into the systems Sentry brokers, and confidentiality, integrity, and availability are all rated High. In plain terms, an attacker who can reach the management interface needs nothing else to take full control.

Two factors raise the urgency further. First, CISA added CVE-2026-10520 to its Known Exploited Vulnerabilities catalog on June 11, 2026, with a remediation due date of June 14, 2026, a three-day window under Binding Operational Directive 26-04. If you're unfamiliar with what that listing signifies, our explainer on Known Exploited Vulnerabilities and why they matter walks through it. Second, exploitation is no longer hypothetical, which we cover below.

Has this been exploited in the wild?

Yes. Ivanti's initial disclosure stated it had no evidence of exploitation prior to public disclosure. That changed fast. After security researchers at watchTowr published a technical breakdown and a working proof of concept, the Shadowserver Foundation reported a large volume of exploitation attempts against internet-exposed Sentry appliances. In its own scans, Shadowserver identified 19 vulnerable instances with at least 2 already backdoored, and warned that any unpatched, exposed instance should be considered compromised.

CISA's decision to add the CVE to the KEV catalog formalized active-exploitation status. The gap between disclosure and weaponization here was measured in hours, not weeks, which is the pattern we keep seeing with edge appliances that expose a management interface to the internet.

A note on the distinction that matters: this moved from "proof of concept exists" to "confirmed compromise in the wild" very quickly. Those are different states, and in this case both are now true.

Are patches available?

Yes. Ivanti released fixed versions on June 9, 2026. Upgrade to one of the following or later:

  • Ivanti Sentry R10.5.2
  • Ivanti Sentry R10.6.2
  • Ivanti Sentry R10.7.1

The fix removes attacker control over the vulnerable endpoint and adds an authentication layer in front of the affected functionality. Ivanti's official notice is published as Security Advisory Ivanti Sentry (CVE-2026-10520, CVE-2026-10523) in its security hub. Given confirmed exploitation and the three-day federal deadline, treat this as same-day urgency for any internet-exposed appliance.

What should you do right now?

Prioritize by exposure. Internet-reachable Sentry appliances come first.

  1. Patch immediately to R10.5.2, R10.6.2, or R10.7.1, or later, on every Sentry appliance. Don't forget production, disaster-recovery, lab, and regional instances.
  2. Assume compromise on exposed, unpatched gateways. Given Shadowserver's findings, any internet-exposed instance that wasn't patched promptly should be treated as potentially backdoored, not simply patched and moved on from.
  3. Audit administrative accounts for any that weren't provisioned by your team. Unexpected admin accounts are a likely indicator of exploitation via the companion CVE-2026-10523.
  4. Review access logs for unexpected POST requests to the Sentry management endpoint from unfamiliar source addresses.
  5. Restrict the management interface. Port 8443 should never be reachable from the public internet. Confirm mTLS with EPMM or restricted HTTPS through Neurons for MDM where applicable.
  6. Follow CISA's BOD 26-04 guidance if you're a covered agency, including the forensic triage requirements referenced in the KEV entry.
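
The version ranges listed under "What products and versions are affected?" and steps 1, 3 and 4 above are easy to get wrong by hand across many appliances. The following Python script is an added example, not Ivanti's tooling and not from the advisory, that encodes those ranges, picks the matching fixed release, flags management-endpoint POSTs from untrusted addresses in an access log, and diffs the admin-account list. It assumes three things you should adjust: that Sentry reports its version as a string like R10.6.1, that the access log is in the common combined format (Sentry's real log layout may differ), and that the management endpoint lives under a placeholder path /mgmt/ (not a documented path; set mgmt_prefix to the real one). The log lines and account names are constructed for the example.

```python
"""Added triage helpers for the checklist above (not Ivanti's tooling or from the advisory).

Assumptions, labelled so they can be changed:
  - Sentry reports its version as 'R10.6.1' (or '10.6.1').
  - Access logs are in combined log format; the real Sentry layout may differ.
  - '/mgmt/' is a placeholder for the management endpoint path, not a documented one.
"""
import re
from ipaddress import ip_address, ip_network

VERSION_RE = re.compile(r"R?(\d+)\.(\d+)(?:\.(\d+))?$")


def parse_version(text: str) -> tuple:
    """'R10.6.1' -> (10, 6, 1). A missing patch number is treated as 0."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Sentry version string: {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_affected(text: str) -> bool:
    """True when the version is in a range this page lists as affected:
    before R10.5.2, R10.6.0 up to but not including R10.6.2, or exactly R10.7.0."""
    v = parse_version(text)
    return v < (10, 5, 2) or (10, 6, 0) <= v < (10, 6, 2) or v == (10, 7, 0)


def upgrade_target(text: str):
    """Lowest fixed release on the same branch (R10.5.2 / R10.6.2 / R10.7.1), or None if not affected."""
    if not is_affected(text):
        return None
    v = parse_version(text)
    if v < (10, 6, 0):
        return "R10.5.2"
    if v < (10, 7, 0):
        return "R10.6.2"
    return "R10.7.1"


# Combined log format: client ident user [time] "METHOD path proto" status bytes
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def suspicious_requests(lines, mgmt_prefix="/mgmt/", trusted=("10.0.0.0/8", "192.168.0.0/16")):
    """(src, time, path, status) for every POST to the management endpoint from an
    address outside the trusted networks. Lines that do not parse are skipped;
    sources that are not IP addresses are reported, since they cannot be allow-listed."""
    nets = [ip_network(n) for n in trusted]
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST" or not m["path"].startswith(mgmt_prefix):
            continue
        try:
            src = ip_address(m["src"])
        except ValueError:
            src = None
        if src is not None and any(src in net for net in nets):
            continue
        hits.append((m["src"], m["time"], m["path"], int(m["status"])))
    return hits


def unexpected_admins(observed, provisioned):
    """Admin accounts present on the appliance that your team never created,
    the indicator for the companion CVE-2026-10523."""
    return sorted(set(observed) - set(provisioned))


# Constructed sample data for the example; public addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = [
    '10.20.30.40 - - [10/Jun/2026:08:01:12 +0000] "POST /mgmt/login HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Jun/2026:08:03:45 +0000] "POST /mgmt/login HTTP/1.1" 200 4096',
    '203.0.113.7 - - [10/Jun/2026:08:03:46 +0000] "GET /mgmt/status HTTP/1.1" 200 128',
    '198.51.100.9 - - [10/Jun/2026:08:05:02 +0000] "POST /mgmt/login HTTP/1.1" 500 0',
    'this line is not an access-log entry',
]
OBSERVED_ADMINS = ["admin", "svc_backup", "sysadm1n"]
PROVISIONED_ADMINS = ["admin", "svc_backup"]

if __name__ == "__main__":
    for ver in ("R10.5.1", "R10.6.1", "R10.6.2", "R10.7.0", "R10.7.1"):
        print(f"{ver}: affected={is_affected(ver)} upgrade_to={upgrade_target(ver)}")
    for hit in suspicious_requests(SAMPLE_LOG):
        print("suspicious management POST:", hit)
    print("unexpected admin accounts:", unexpected_admins(OBSERVED_ADMINS, PROVISIONED_ADMINS))
```

Two design points: the version check treats anything older than R10.5.2 as affected, including releases before the 10.5 branch, because "before R10.5.2" is how the ranges are published; and the log filter reports non-IP source fields rather than silently dropping them, since a source you cannot allow-list is exactly the kind of thing that deserves a human look during triage.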

How Halo Security can help

If you're trying to answer "do we run any affected Ivanti Sentry versions, and are they exposed?" the hard part is usually inventory, not patching. You can't fix what you don't know is reachable.

Halo Security's Vulnerability Scanning is actively detecting CVE-2026-10520 for customers, so you can find every exposed Sentry appliance across your attack surface instead of chasing them down by hand across business units and regions.

FAQ

Is CVE-2026-10520 being actively exploited?

Yes. After a public proof of concept was released, the Shadowserver Foundation observed widespread exploitation attempts and confirmed backdoored internet-exposed Sentry appliances. CISA added the vulnerability to its Known Exploited Vulnerabilities catalog on June 11, 2026, confirming active exploitation.

How quickly do I need to patch?

Treat any internet-exposed Ivanti Sentry appliance as same-day urgency. CISA set a remediation due date of June 14, 2026 for federal agencies, a three-day window, and exposed appliances are being compromised within a day of a public proof of concept. Internal-only deployments are lower risk but should still be patched promptly.

How can I tell if I'm affected?

Check whether you run Ivanti Sentry before R10.5.2, R10.6.0 up to but not including R10.6.2, or R10.7.0, and whether the management interface on port 8443 is reachable from the internet. An external scanning tool that detects affected versions across your attack surface can confirm exposure faster than a manual inventory.

Is CVE-2026-10520 in the CISA KEV catalog?

Yes. CISA added it on June 11, 2026, with a remediation due date of June 14, 2026 under Binding Operational Directive 26-04.

What's the difference between CVE-2026-10520 and CVE-2026-10523?

CVE-2026-10520 is the root-level OS command injection flaw. CVE-2026-10523 is a companion authentication bypass, also critical, that lets an attacker create a rogue admin account. They were patched together and can be chained, though either is sufficient for a full takeover on its own.

Stay ahead of your exposure

If you run Ivanti Sentry or any internet-facing appliance, the fastest way to reduce risk is knowing exactly what you have exposed before an attacker does. Halo Security's external vulnerability management makes it easy to find every affected asset across your attack surface in minutes, so you can prioritize the exposures that matter and patch with confidence.

New CVEs land daily. Halo Threat Intelligence scores each one's internet-facing exposure with the Surface Signal 1-5 rating so you know what to prioritize.