All Topics
All Topics
Technology
Technology
Design
Design
Programming
Programming
Science
Science
News
News
Gaming
Gaming
Entertainment
Entertainment
Business
Business
Finance
Finance
Sports
Sports
Health
Health
Food
Food
Travel
Travel
Art
Art
Music
Music
Books
Books
Education
Education
Politics
Politics
Personal
Personal
No algorithm. No AI slop. No ads. Just RSS. Pro-human. Indie writers. Real journalism. Open web. Chronological. Hand toasted.

Ivanti discloses two critical vulnerabilities in Sentry mobile gateway, including max-severity unauthenticated RCE flaw

By

Connor Jones

2d ago· 2 min readenNews
Bagel score 70 of 100
70/100
Toasty
Bagelometer

Right out the toaster. Reliable, with some real depth.

Score70TypenewsSentimentnegative

Summary

Ivanti has disclosed two critical vulnerabilities in its Sentry mobile gateway product. The most severe is CVE-2026-10520, a maximum-severity (10.0) flaw that allows remote, unauthenticated attackers to execute code with root privileges. The article highlights that unauthenticated root-level remote code execution vulnerabilities are among the most dangerous types of security flaws.

Key quotes

· 1 pulled
Flaws that allow root-level code execution without authentication are about as bad as vulnerabilities get
Snippet from the RSS feed
Remote, unauthenticated RCE with root privileges is about as bad as it gets

You might also wanna read

CVE-2026-10520: Critical Ivanti Sentry OS Command Injection Vulnerability Actively Exploited

Ivanti Sentry (formerly MobileIron Sentry) has a critical pre-authentication OS command injection vulnerability (CVE-2026-10520, CVSS 10.0)

hellorecon.com·1d ago

Critical React Vulnerability (CVE-2025-55182) Enables Remote Code Execution in React 19 and Next.js

A critical security vulnerability (CVE-2025-55182) has been discovered in React Server Components' 'Flight' protocol, affecting React 19 and

wiz.io·6mo ago

Critical Security Vulnerability CVE-2025-66478 in React Server Components Protocol

A critical security vulnerability (CVE-2025-66478) has been discovered in the React Server Components (RSC) protocol with a CVSS score of 10

nextjs.org·6mo ago

Critical Security Vulnerability in React Server Components (CVE-2025-55182) Allows Remote Code Execution

The React team disclosed a critical security vulnerability (CVE-2025-55182) rated CVSS 10.0 that allows unauthenticated remote code executio

react.dev·6mo ago

Critical RCE Vulnerability in React Server Components Affects React 19.x and Next.js 15.x/16.x

A critical security vulnerability (CVE-2025-5518) affects React packages versions 19.0.0-19.2.0 and Next.js 15.x/16.x using App Router, allo

github.com·6mo ago

Researcher Discovers Critical React2Shell RCE Vulnerability (CVE-2025-55182) Affecting Millions of Websites

A security researcher recounts discovering a critical remote code execution vulnerability (CVE-2025-55182, dubbed "React2Shell") in the Reac

lachlan.nz·1mo ago