All Topics
All Topics
Technology
Technology
Design
Design
Programming
Programming
Science
Science
News
News
Gaming
Gaming
Entertainment
Entertainment
Business
Business
Finance
Finance
Sports
Sports
Health
Health
Food
Food
Travel
Travel
Art
Art
Music
Music
Books
Books
Education
Education
Politics
Politics
Personal
Personal
No algorithm. No AI slop. No ads. Just RSS. Pro-human. Indie writers. Real journalism. Open web. Chronological. Hand toasted.

CVE-2026-10520: Critical Ivanti Sentry OS Command Injection Vulnerability Actively Exploited

By

Vladimir Slavin

1d ago· 4 min readenNews
Bagel score 75 of 100
75/100
Toasty
Bagelometer

Crackles when you bite it. Shows the baker did the work.

Score75TypenewsSentimentvery negative

Summary

Ivanti Sentry (formerly MobileIron Sentry) has a critical pre-authentication OS command injection vulnerability (CVE-2026-10520, CVSS 10.0) that allows remote attackers to execute root-level commands. The vulnerability resides in the MICS configuration API endpoint (/mics/api/v2/sentry/mics-c). It is actively exploited in the wild, listed on CISA's Known Exploited Vulnerabilities (KEV) catalog with a 3-day remediation deadline. A public proof-of-concept exploit is available from watchTowr Labs. The article provides guidance on how to identify exposed Ivanti Sentry appliances on networks using RECON or similar discovery methods.

Key quotes

· 3 pulled
Ivanti Sentry (formerly MobileIron Sentry) contains a pre-authentication OS command injection vulnerability that gives remote attackers root-level code execution.
CVSS 10.0, actively exploited in the wild, CISA KEV listed with a 3-day remediation deadline.
A public PoC is available from watchTowr Labs.
Snippet from the RSS feed
Ivanti Sentry (formerly MobileIron Sentry) contains a pre-authentication OS command injection vulnerability (CVSS 10.0) allowing root-level RCE. Actively exploited, CISA KEV listed. Find exposed Sentry appliances with RECON.

You might also wanna read

Ivanti discloses two critical vulnerabilities in Sentry mobile gateway, including max-severity unauthenticated RCE flaw

Ivanti has disclosed two critical vulnerabilities in its Sentry mobile gateway product. The most severe is CVE-2026-10520, a maximum-severit

theregister.com·2d ago

AI-Driven Attacks Under 60 Seconds Force Evolution of Security Operations Centers; Ivanti and Microsoft Flaws Actively Exploited

This article covers the urgent evolution of Security Operations Centers (SOCs) toward an 'Agentic SOC' model to combat AI-driven cyberattack

share.transistor.fm·1d ago

CISA warns of active exploitation of LiteLLM command injection vulnerability (CVE-2026-42271)

A critical command injection vulnerability (CVE-2026-42271) in BerryAI's LiteLLM open-source AI gateway is under active exploitation by atta

helpnetsecurity.com·3d ago

CISA Adds Three Actively Exploited Vulnerabilities to Known Exploited Vulnerabilities Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation. The v

cisa.gov·3d ago

Critical Windows Netlogon Flaw CVE-2026-41089 Actively Exploited for Remote Code Execution

A critical Windows Netlogon vulnerability (CVE-2026-41089) with a CVSS score of 9.8 is being actively exploited by threat actors to achieve

thecyberexpress.com·10d ago

CISA Adds Critical LiteLLM Vulnerability to Known Exploited Catalog, Mandates Federal Remediation by June 22

CISA has added CVE-2026-42271, a critical vulnerability affecting LiteLLM Model Context Protocol endpoints, to its Known Exploited Vulnerabi

briefly.co·1d ago