WAF - WAF Release - 2026-06-23
11d ago
Source
CloudflareWAF - WAF Release - 2026-06-23cloudflare.comThis week's release introduces new managed protection to address a critical pre-authentication OS command injection vulnerability in Ivanti Sentry (CVE-2026-10520). Key Findings CVE-2026-10520: An OS command injection vulnerability in Ivanti Sentry allows remote, unauthenticated attackers to execute arbitrary system commands with root privileges. The flaw stems from improper sanitization of input strings parsed during internal configuration handling. Ruleset Rule ID Legacy Rule ID Description Previous Action New Action Comments Cloudflare Managed Ruleset 500a90789f874345b60b0de7242fdf83 N/A Ivanti Sentry - Command Injection - CVE:CVE-2026-10520 Log Block This is a new detection.
You might also wanna read
Ivanti Sentry Pre-Auth OS Command Injection (CVE-2026-10520) Allows Root-Level Remote Code Execution
Ivanti published an advisory detailing two vulnerabilities in its Sentry product. CVE-2026-10520 is a pre-authenticated OS Command Injection
labs.watchtowr.com·14d agoCVE-2026-10520: Critical Ivanti Sentry OS Command Injection Vulnerability Actively Exploited
Ivanti Sentry (formerly MobileIron Sentry) has a critical pre-authentication OS command injection vulnerability (CVE-2026-10520, CVSS 10.0)
Ivanti discloses two critical vulnerabilities in Sentry mobile gateway, including max-severity unauthenticated RCE flaw
Ivanti has disclosed two critical vulnerabilities in its Sentry mobile gateway product. The most severe is CVE-2026-10520, a maximum-severit

Comments
Sign in to join the conversation.
No comments yet. Be the first.