Ivanti Sentry Pre-Auth OS Command Injection (CVE-2026-10520) Allows Root-Level Remote Code Execution

By Sonny · 15d ago · 9 min read · en · News

Summary

Ivanti published an advisory detailing two vulnerabilities in its Sentry product. CVE-2026-10520 is a pre-authenticated OS Command Injection vulnerability with a CVSS score of 10/10, allowing remote unauthenticated attackers to achieve root-level remote code execution on Ivanti Sentry versions before R10.5.2, R10.6.2, and R10.7.1. CVE-2026-10523 is an Authentication Bypass vulnerability. The article discusses the severity and implications of these vulnerabilities in a somewhat informal, sarcastic tone.

Source

Ivanti Sentry Pre-Auth OS Command Injection (CVE-2026-10520) Allows Root-Level Remote Code Execution (labs.watchtowr.com)

Key quotes

Today, Ivanti published an advisory. 'No way?' we hear you say. 'Yes way!'
CVE-2026-10520 gets full Secure-by-Design points with a CVSS score of 10/10 - just as you'd expect for a Pre-Authenticated Command Injection.
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution
Snippet from the RSS feed
Today, Ivanti published an advisory. “No way?” we hear you say. "Yes way!" Today’s advisory outlines two vulnerabilities in Ivanti’s Sentry product, appealing directly to our inner desire for sophisticated server-side, pre-authenticated vulnerabilities.
