CVE-2026-10520

Confirmed PUBLISHED

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to...

ivanti · Sentry

1 day faster than CISA KEV

Exploited in the wild Active exploitation observed PoC available Virtual patch available

Recommended Action

Prioritize immediate patching and validate internet-facing exposure. Monitor for matching exploitation attempts in your environment.

Confidence
Confirmed
Exploitation Status
Active exploitation observed
Observed in Sensors
Yes
Attempts (30d)
6,096
Unique Attacker IPs
152
CISA KEV
In CISA KEV
Virtual Patch
Yes 3 targets
CVSS / EPSS
10.0 Critical EPSS 99.0%

At a Glance

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution

edge nuclei_scanner cisa
CVE Published
Jun 09, 2026
Exploited Since
Jun 10, 2026
CVSS
10.0 Critical
EPSS
99.0%
Remote Low complexity No user interaction Unauthenticated

Affected Versions

Vendor Product Version Status
ivanti
Sentry

R10.5.2

Unaffected
ivanti
Sentry

R10.6.2

Unaffected
ivanti
Sentry

R10.7.1

Unaffected

CVE References

Recommended Actions

  • Prioritize immediate patching and validate internet-facing exposure. Monitor for matching exploitation attempts in your environment.
  • Review sensor telemetry for request paths, attacker IPs, and payload patterns that may inform detection and exposure validation.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.