Vulnerabilities | Jun 10, 2026

Ivanti: Max severity Sentry flaw allows code execution as root

Ivanti patches critical Sentry flaw allowing root code execution and auth bypass.

Summary

Ivanti has released patches for two critical vulnerabilities in its Sentry secure mobile gateway solution. The most severe, CVE-2026-10520, is an OS command injection flaw allowing remote attackers to execute code as root. A second critical vulnerability, CVE-2026-10523, enables unauthenticated attackers to bypass authentication and create rogue administrative accounts. Ivanti states there is no evidence of these vulnerabilities being exploited in the wild.

Full text

By Sergiu Gatlan, June 10, 2026, 02:26 AM

Security software company Ivanti has released patches to address two critical vulnerabilities in its Sentry secure mobile gateway solution, including a maximum-severity flaw that enables remote attackers to execute code with root privileges.

Formerly known as MobileIron Sentry, Ivanti Sentry is a security gateway appliance that secures traffic between back-end corporate systems and remote mobile devices.

Tracked as CVE-2026-10520, the maximum-severity vulnerability stems from an OS command injection weakness. The second Sentry security flaw patched on Tuesday (tracked as CVE-2026-10523) is a critical authentication bypass that can be exploited remotely by unauthenticated attackers to create rogue administrative accounts and gain full administrative access.

Ivanti patched both security issues on Tuesday with the release of Sentry versions R10.5.2, R10.6.2, and R10.7.1. Luckily, the company said it has no evidence that the two vulnerabilities are being exploited in the wild and advised admins to upgrade their systems to protect against potential attacks.

"We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure," Ivanti said. "Currently, there is no known public exploitation of this vulnerability that could be used to provide a list of indicators of compromise."

In recent years, Ivanti vulnerabilities have often been targeted in attacks because they provide an easy way for cybercriminals to breach targets' enterprise networks and steal sensitive corporate and customer data. For instance, most recently, the Cybersecurity and Infrastructure Security Agency (CISA) ordered U.S. federal agencies in May to patch their Ivanti devices after the company warned customers to immediately patch a high-severity remote code execution vulnerability in Endpoint Manager Mobile (EPMM) that was exploited in zero-day attacks.
Multiple other Ivanti zero-days have been exploited in recent years to breach a wide range of targets, including government agencies worldwide. Among them are two other critical EPMM vulnerabilities that Ivanti addressed in January after they were exploited as zero-days in attacks against a "very limited number of customers."

In total, CISA has tagged 34 vulnerabilities across various SolarWinds products as actively exploited in attacks over the past several years, with 12 of them also used in ransomware attacks.

Ivanti's IT asset management solutions are used by over 40,000 clients worldwide and are supported by a network of over 7,000 partners and over 3,000 employees.

Indicators of Compromise

  • cve — CVE-2026-10520
  • cve — CVE-2026-10523

Entities

  • Sentry (product)
  • Ivanti (vendor)
  • mobile gateway (technology)
  • SolarWinds (campaign)