CVE- 2026-10520 is a critical OS command injection vulnerability in Ivanti Sentry, allowing remote unauthenticated attackers to execute commands with root privileges. The flaw, rated with a CVSS score of 10.0, affects Ivanti Sentry versions prior to R10.5.2, R10.6.2, and R10.7.1, necessitating urgent patching. While there is currently no confirmed exploitation in the wild, the existence of public Proof-of-Concept exploits amplifies the urgency to update systems.
Compromise of Ivanti Sentry could lead to extensive threats, including data exfiltration and internal network access. Defenders are advised to patch immediately, reduce exposure while patching, and monitor for signs of compromise.