THE US Cybersecurity and Infrastructure Security Agency (CISA) has flagged a recently patched Ivanti Sentry vulnerability (CVE-2026-10520) with a critical CVSS score of 10/10, identified as an OS command injection that can be exploited remotely to execute arbitrary code with root privileges. Although Ivanti has issued patches and claims there is no evidence of actual exploitation, CISA included it in its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to address it within three days. Ivanti indicates the risk depends on proper configuration, urging users to avoid exposing management interfaces to the internet.
Ivanti Sentry Exploitation Attempts Hitting Honeypots
CyberSIXT Evidence Panel
Article by CyberSIXT
Timeline Coverage
Swipe to explore timeline
-
Ivanti Sentry Exploitation Attempts Hitting Honeypots
www.securityweek.com
-
Spring Framework Patches Critical Flaws, Urges Immediate Upgrade
cybersixt.com
-
Ubiquiti UniFi OS flaws let attackers run commands on devices
-
New Patches Fix Broad AMD Security Vulnerabilities
-
CISA Adds Ivanti Sentry Command Injection Flaw to KEV Catalogue
-
CISA warns of Ivanti Sentry flaw granting remote root access
-
Critical Ivanti Sentry flaw exploited 24 hours after disclosure
-
Ivanti Sentry gateways compromised by CVE-2026-10520 injection bug
-
CVE-2026-10520 lets hackers run root on Ivanti Sentry
-
CVE-2026-10520, CVE-2026-10523 - Multiple critical vulnerabilities affecting Ivanti Sentry
-
Critical Vulnerabilities Patched in Fortinet, Ivanti Products
-
Ivanti patches CVE-2026-10520 gateway flaw after urgent alert