
CVE-2026-10520

Severity: CRITICAL · CVSS 10.0 · KEV · EPSS 59.5%
Hype: LIKELY HACK · hack score 78

Working PoC public, in-the-wild exploitation confirmed, defenders triaging now; not yet KEV-listed according to this summary (the header badge carries a KEV tag, so check the CISA KEV catalog directly rather than relying on either).

What: OS Command Injection in Ivanti Sentry (pre-R10.5.2/R10.6.2/R10.7.1) enabling unauthenticated remote root code execution. CVSS 10.0 CRITICAL.

Why it matters: Public PoC dropped June 9; defenders report active exploitation in-the-wild, confirmed backdoored instances, and mass vulnerable infrastructure. Ivanti has issued patches. Not yet KEV-listed but exploitation signal is credible and widespread.

Where it's seen: Security researchers posting detection telemetry (19+ vulnerable instances found by scanning, 2+ confirmed compromised), public PoC availability, Shadowserver IP feeds tagged for the CVE, patch advisories from Ivanti, and urgent defender triage chatter across social media.

RISK: CRITICAL — Unauthenticated RCE as root; active exploitation observed; widespread vulnerable population.

Generated by claude-haiku-4-5 from public posts and authoritative metadata. AI can make mistakes — verify against vendor advisories before acting. 6/11/2026, 12:44:40 AM

Description

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution.
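
The fixed releases above are per-branch, so an inventory check has to compare within the branch rather than against a single threshold. The script below is an added example written for this page, not Ivanti's code or tooling; it assumes the three fixed releases stated in the description and that Sentry reports versions as strings like R10.6.1. Branches the description does not name (for example R10.4.x) are reported as "unknown" rather than guessed, and the sample inventory (hostnames and versions) is constructed.

```python
"""Triage observed Ivanti Sentry versions against the fixed releases named on this page."""
import re

# Fixed builds per (major, minor) branch, taken from the description above.
# Branches absent from this table have no fixed build listed on the page.
FIXED = {
    (10, 5): (10, 5, 2),
    (10, 6): (10, 6, 2),
    (10, 7): (10, 7, 1),
}

# Assumed version format "R10.6.1" (leading R optional); anything else is rejected.
_VERSION_RE = re.compile(r"^R?(\d+)\.(\d+)\.(\d+)$")


def parse_version(v: str) -> tuple[int, int, int]:
    """Parse 'R10.6.1' into (10, 6, 1); raise ValueError on unexpected strings."""
    m = _VERSION_RE.match(v.strip())
    if not m:
        raise ValueError(f"unrecognised Sentry version string: {v!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def triage(version: str) -> str:
    """Return 'vulnerable', 'patched' or 'unknown' for one observed version.

    'unknown' means the branch has no fixed build listed in the advisory text
    above; treat such hosts as affected until the vendor says otherwise.
    """
    major, minor, patch = parse_version(version)
    fixed = FIXED.get((major, minor))
    if fixed is None:
        return "unknown"
    return "patched" if (major, minor, patch) >= fixed else "vulnerable"


def triage_inventory(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Group hosts by triage result; unparsable version strings land in 'unknown'."""
    out: dict[str, list[str]] = {"vulnerable": [], "patched": [], "unknown": []}
    for host, version in inventory.items():
        try:
            out[triage(version)].append(host)
        except ValueError:
            out["unknown"].append(host)
    return out


# Constructed sample inventory: hostnames and versions are made up for this example.
SAMPLE_INVENTORY = {
    "sentry-a.example.internal": "R10.5.1",
    "sentry-b.example.internal": "R10.6.2",
    "sentry-c.example.internal": "R10.7.0",
    "sentry-d.example.internal": "R10.4.3",
    "sentry-e.example.internal": "build-unknown",
}

if __name__ == "__main__":
    for status, hosts in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{status:10s} {hosts}")
```

Feed it the version column from your asset inventory; the "unknown" bucket is the one to chase first, since it mixes unsupported branches with hosts whose version could not be read at all.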

CVSS 3.1 breakdown

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Exploitability sub-score 3.9 · Impact sub-score 6.0 · Base score 10.0

Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Weaknesses