A critical vulnerability in Ivanti Sentry, identified as CVE-2026-10520, has been exploited by attackers to compromise numerous internet-exposed gateways, despite patches being released recently. This maximum-severity OS command injection flaw allows remote code execution with root privileges, enabling threat actors to gain unrestricted access to affected systems. The vulnerability affects Ivanti Sentry versions prior to R10.5.2, R10.6.2, and R10.7.1, and can be exploited by remote unauthenticated users. The swift exploitation of this flaw highlights the importance of prompt patching and monitoring for signs of compromise. As the attack surface expands with the disclosure of CVE-2026-105201, practitioners must prioritize mitigation efforts based on their exposure and evidence of exploitation. This vulnerability poses a significant risk to organizations using Ivanti Sentry, and immediate attention is required to prevent potential breaches.
CVE-2026-10520 Exploited: Ivanti Sentry Gateways Compromised Shortly After Patch Release
⚠️ Critical Alert
Why This Matters
CVE-2026-10520 disclosure expands the active attack surface — prioritize based on your exposure and exploitation evidence.
References
- SecurityAffairs. (2026, June 11). CVE-2026-10520 Exploited: Ivanti Sentry Gateways Compromised Shortly After Patch Release. *SecurityAffairs*. https://securityaffairs.com/193530/hacking/cve-2026-10520-exploited-ivanti-sentry-gateways-compromised-shortly-after-patch-release.html
Original Source
SecurityAffairs
Read original →