securityaffairs.com 6/11/2026, 6:31:10 PM · external

Ivanti Sentry gateways compromised by CVE-2026-10520 injection bug

Developing story vulnerability 7 articles tracked

Ivanti Sentry OS command injection flaw (CVE-2026-10520) exploited in the wild

CyberSIXT Evidence Panel

Primary Source

hub.ivanti.com

CVE Intel

CVE-2026-10520 - NVD Not in KEV 10 CRITICAL Patch Unknown

CISA KEV Not in KEV

Patch Patch Status Unknown

ATTACKERS are exploiting a critical OS command injection vulnerability, CVE-2026-10520, in Ivanti Sentry, which allows remote code execution with root privileges. Despite initial claims of no active exploitation, security researchers from Shadowserver reported multiple compromised Ivanti Sentry gateways shortly after patches were released. This vulnerability is significant as Ivanti Sentry serves as a gateway between corporate systems and mobile devices, putting businesses at risk if compromised.

Ivanti has yet to update their advisory regarding active exploitation, but given the nature of the vulnerability, prompt patching is strongly advised to secure enterprise networks.

View Primary Source Via securityaffairs.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline

#7 Jun 11, 2026, 07:44 PM

cybersixt.com
CISA warns of Ivanti Sentry flaw granting remote root access
#6 Jun 11, 2026, 07:40 PM

cybersixt.com
Critical Ivanti Sentry flaw exploited 24 hours after disclosure
#5 Jun 11, 2026, 05:57 PM Current article

securityaffairs.com
Ivanti Sentry gateways compromised by CVE-2026-10520 injection bug
#4 Jun 10, 2026, 02:52 PM

cybersixt.com
CVE-2026-10520 lets hackers run root on Ivanti Sentry
#3 Jun 10, 2026, 11:30 AM

cybersixt.com
CVE-2026-10520, CVE-2026-10523 - Multiple critical vulnerabilities affecting Ivanti Sentry
#2 Jun 10, 2026, 09:11 AM

cybersixt.com
Critical Vulnerabilities Patched in Fortinet, Ivanti Products
#1 Jun 10, 2026, 06:10 AM

cybersixt.com
Ivanti patches CVE-2026-10520 gateway flaw after urgent alert