Ivanti Sentry OS command injection RCE as root (CVE-2026-10520)
Vulnerability
Summary
Ivanti Sentry has a critical OS command injection vulnerability, CVE-2026-10520, that can let remote attackers execute code with root privileges on the gateway appliance. Ivanti said it had no evidence of exploitation in the wild at disclosure. The company released fixed builds R10.5.2, R10.6.2, and R10.7.1 to address the flaw. Administrators should upgrade affected gateways to reduce exposure.
Related Happenings
CISA emergency patch deadline for Ivanti EPMM
Public Sector Action
H score: 53
First: 08.05.2026 15:16
Last: 08.05.2026 15:16
Sources 1
About this happening:
CISA ordered **U.S. federal agencies** to patch **Ivanti EPMM** by **midnight Sunday, May 10** after adding **CVE-2026-6973** to its list of vulnerabilities exploited in attacks....
Linux distributions mitigation advisories for CVE-2026-31431
Advisory/Mitigation
H score: 53
First: 30.04.2026 12:24
Last: 30.04.2026 12:24
Sources 1
About this happening:
Multiple **Linux distributions** released advisories for **CVE-2026-31431**, adding mitigation guidance for a **Linux kernel local privilege escalation** that can let an unprivile...
Timeline
10.06.2026 09:26 · 2 articles
Ivanti releases Sentry patches for CVE-2026-10520 and CVE-2026-10523
Mitigation Patch Update
Ivanti released Sentry versions R10.5.2, R10.6.2, and R10.7.1 to fix CVE-2026-10520, an OS command injection flaw that can let remote attackers execute code as root, and CVE-2026-10523, a critical authentication bypass that can allow unauthenticated attackers to create rogue administrative accounts and gain full administrative access. Ivanti said it had no evidence of exploitation in the wild at disclosure and advised administrators to upgrade affected systems.
Sources
- Ivanti: Max severity Sentry flaw allows code execution as root — www.bleepingcomputer.com — 10.06.2026 09:26