Vulnerability intelligence
CVE-2026-10520
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution
CVSS Score
10
Critical
EPSS — Exploit Probability
0.2%
Riskier than 44% of all CVEs
Exploitation
Not in CISA KEV
No federal exploitation record
Remediation
unknown
Check vendor advisories
4 articles across 4 outlets · first covered Jun 10, 2026 · latest Jun 10, 2026
Tracked incidents
Coverage timeline
-
CVE-2026-10520 lets hackers run root on Ivanti Sentrysocradar.io · Jun 10, 2026
-
CVE-2026-10520, CVE-2026-10523 - Multiple critical vulnerabilities affecting Ivanti Sentrywww.rapid7.com · Jun 10, 2026
-
Critical Vulnerabilities Patched in Fortinet, Ivanti Productswww.securityweek.com · Jun 10, 2026
-
Ivanti patches CVE-2026-10520 gateway flaw after urgent alertsecurityonline.info · Jun 10, 2026