CVE-2026-10520: Ivanti Sentry unauthenticated root RCE
Active exploitation confirmed in the wild. CISA added this to the KEV catalog on 2026-06-11. Federal agencies must patch by 2026-06-14.
| Field | Value |
|---|---|
| CVE ID | CVE-2026-10520 |
| CVSS score | 10.0 |
| Attack vector | Remote |
| Auth required | None |
| Patch status | Fixed versions available |
TL;DR - Critical Ivanti Sentry OS command injection enables unauthenticated root RCE. - Affects versions before R10.5.2, R10.6.2, and R10.7.1. - Patch immediately; no verified in-the-wild exploitation or public PoC is confirmed from available sources.
What is CVE-2026-10520?
CVE-2026-10520 is a critical OS command injection vulnerability in Ivanti Sentry. According to NVD, the flaw allows a remote unauthenticated attacker to achieve root-level remote code execution on vulnerable appliances. In practical terms, this is a worst-case outcome for an internet-exposed or externally reachable appliance because an attacker does not need valid credentials and can potentially obtain full control of the system.
The risk is amplified by the product type. Ivanti Sentry is commonly deployed as a security and mobility infrastructure component, which means compromise is not limited to a single host. Root-level control over a Sentry appliance can create opportunities for follow-on access, credential or token theft, traffic inspection or manipulation, and persistence on a trusted management path. Even without confirmed exploitation in the wild, defenders should treat a CVSS 10.0 unauthenticated appliance RCE as an emergency patching event.
Who is affected?
The affected product is Ivanti Sentry. Based on the NVD description, vulnerable versions are explicitly listed as versions before R10.5.2, before R10.6.2, and before R10.7.1. That means organizations running older builds in those supported trains should assume exposure until they confirm the exact installed version and upgrade state.
The fixed versions are also clearly identified: R10.5.2, R10.6.2, and R10.7.1. If you are on an older branch or a custom maintenance path, do not assume you are covered by a backport unless Ivanti has explicitly documented it. If you cannot verify the running version immediately, the safest operational assumption is that the appliance is vulnerable until proven otherwise.
| Product | Affected versions | Fixed version |
|---|---|---|
| Ivanti Sentry | Before R10.5.2 | R10.5.2 |
| Ivanti Sentry | Before R10.6.2 | R10.6.2 |
| Ivanti Sentry | Before R10.7.1 | R10.7.1 |
Severity and why this matters
NVD assigns CVE-2026-10520 a CVSS score of 10.0, which is the maximum severity. The exact vector string was not exposed in the retrieved compact NVD response, so it should not be guessed or reconstructed without a primary-source vector. Still, the verified facts already justify urgent action: remote exploitation, no authentication, command injection, and root-level code execution.
From a defender’s perspective, this combination means the vulnerability can move quickly from an exposure management problem to an incident response problem. Appliance flaws with unauthenticated RCE characteristics often attract rapid exploit development because they can be scanned at scale, do not require stolen credentials, and frequently sit in sensitive network positions. Even if no exploitation has been confirmed yet, organizations should expect researchers and attackers to analyze the patch diff and hunt for reliable exploit paths.
Exploitation status
Based on the available primary-source material, there is no verified evidence of exploitation in the wild for CVE-2026-10520 at this time. The CVE is not listed in the CISA Known Exploited Vulnerabilities catalog, which means there is currently no CISA-confirmed active exploitation entry for this issue. That is useful context, but it should not be treated as a safety signal.
There is also no verified public proof of concept identified from the gathered sources. Searches may return generic or unattributed references, but none were reliable enough to cite as a confirmed PoC for this exact CVE. Defenders should therefore use careful language: exploitation is not confirmed, a public PoC is not confirmed, and neither absence should lower patch priority. In the absence of trusted exploitation telemetry, the correct assumption is that exploit development is plausible and may emerge quickly for a bug of this class.
What should defenders do now?
The first step is simple: identify every Ivanti Sentry instance in your environment and determine the running release. Asset inventories are often incomplete for appliances, especially where ownership is split between networking, mobility, and security teams. If you do not have a current inventory, query DNS, management networks, CMDB records, and virtualization platforms where applicable. Treat any unverified Sentry instance as potentially vulnerable until it is reviewed.
The second step is to schedule an expedited upgrade to the appropriate fixed version: R10.5.2, R10.6.2, or R10.7.1. If operational constraints delay patching, reduce exposure while you prepare the maintenance window. That includes restricting management access paths, limiting internet reachability where feasible, tightening upstream ACLs or reverse-proxy controls, and increasing logging retention around the appliance. Those are compensating controls, not substitutes for patching.
Bottom line
CVE-2026-10520 is a critical Ivanti Sentry vulnerability that defenders should treat as a priority-one patch item. The verified facts are already severe enough: OS command injection, remote reachability, no authentication required, and root-level code execution. If your organization runs Ivanti Sentry and is on a version before R10.5.2, before R10.6.2, or before R10.7.1, assume exposure until the appliance is upgraded.
There is currently no verified public PoC and no CISA-confirmed in-the-wild exploitation in the sources reviewed here. That is useful context, but not a reason to wait. For appliance RCEs, the safest defensive posture is to patch immediately, restrict exposure where patching is delayed, and hunt for command-injection behavior around the appliance until remediation is complete.
For further reading, check our articles on what an intrusion prevention system (IPS) does and supply chain compromise patterns this period.
This article may contain affiliate links. We earn a commission on qualifying purchases at no extra cost to you.
How to detect possible exploitation
Detection will be harder than for a vulnerability with a published exploit string because the vulnerable parameter, endpoint, or request format has not been verified in the available sources. That means defenders should focus on broader command injection and post-exploitation telemetry around Ivanti Sentry rather than waiting for a vendor-specific signature that may not yet exist.
At a minimum, review appliance logs, reverse proxy logs, WAF logs, and network telemetry for unexpected requests to Sentry administrative or application endpoints, especially from unfamiliar external IP addresses. Also look for signs of command execution side effects: unexpected child processes, outbound connections from the appliance, configuration changes, or newly created files under temporary or web-accessible paths. If logging on the appliance is limited, pivot to adjacent telemetry sources such as load balancers, firewalls, EDR on management jump hosts, and NetFlow.
Technical Notes
Because the exact exploit path is not publicly confirmed in the sources here, use behavioral detections for command injection attempts and suspicious shell metacharacters in HTTP requests headed to Sentry-related hosts.
Example web log grep for suspicious metacharacters:
grep -E '(%3[Bb]|%26|%7[Cc]|;|&&|\|\||`|\$\()' /var/log/nginx/access.log
Example Splunk query for suspicious requests to Sentry hosts:
index=proxy OR index=web sourcetype=access_combined
(host="*sentry*" OR url_domain="*sentry*")
("|" OR ";" OR "&&" OR "`" OR "$(" OR "%3B" OR "%26" OR "%7C")
| stats count by src_ip, host, uri_path, http_user_agent
Example Suricata-style signature for command-injection-like HTTP requests targeting a Sentry hostname pattern. This is heuristic and may require tuning:
alert http $EXTERNAL_NET any -> $HOME_NET any (
msg:"Possible command injection attempt against Ivanti Sentry";
flow:to_server,established;
http.host; content:"sentry"; nocase;
pcre:"/(\%3B|\%26|\%7C|;|&&|\|\||`|\$\()/Ui";
sid:42010520; rev:1;
)
Concrete log pattern to review in HTTP access logs:
POST /<unknown-endpoint> HTTP/1.1
User-Agent: curl/8.0
... parameter=value;id
That pattern is not a confirmed exploit for this CVE. It is an example of the kind of shell metacharacter injection attempt defenders should search for while the exact exploit details remain limited.
Mitigation and patching
The primary mitigation is to upgrade affected Ivanti Sentry versions to a fixed release. The version guidance verified from NVD is explicit: systems running versions before R10.5.2, before R10.6.2, and before R10.7.1 should be upgraded to R10.5.2, R10.6.2, or R10.7.1 respectively. Use the release line supported by your environment and vendor guidance.
If you cannot patch immediately, apply temporary exposure reduction measures. Restrict inbound access to the appliance to only known administrative networks or required upstream systems. If the appliance is directly internet-accessible, evaluate whether you can place it behind a tightly filtered reverse proxy or firewall rule set until patching is complete. Also increase monitoring for outbound connections originating from the appliance, since successful root-level RCE often results in callback traffic, tooling downloads, or lateral movement attempts.
Technical Notes
The exact Ivanti Sentry upgrade workflow can vary by deployment and vendor packaging, and the source material provided here does not include the full advisory body or a verified step-by-step vendor CLI. Because of that, defenders should not rely on unverified shell commands copied from generic Linux patching guides. The safe operational action is to use the official Ivanti Sentry upgrade package and documented procedure for your branch.
What you can do immediately is verify the running version from the appliance and document the target fixed release before the maintenance window. Example version-check pattern on an appliance shell, if administrative shell access is part of your standard support workflow:
cat /etc/issue
uname -a
If your team manages Sentry through an administrative UI or vendor-provided maintenance workflow, record: - current version - target version: R10.5.2, R10.6.2, or R10.7.1 - backup status - rollback plan - change ticket and maintenance window
As a workaround until upgrade, implement network restrictions with your upstream firewall. Example placeholder pattern:
# Example only: restrict inbound access to trusted admin IPs
iptables -A INPUT -p tcp -s <trusted-admin-ip>/32 --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j DROP
Use the equivalent control in your actual environment. This is a compensating control, not a fix, and should be removed or revised after the appliance is upgraded and validated.
References
The primary technical facts for this article come from the NVD entry for CVE-2026-10520 and the Ivanti advisory URL referenced by NVD. The NVD entry confirms the vulnerability type, the unauthenticated remote root RCE impact, and the affected and fixed version ranges. The Ivanti advisory URL exists and should be used as the vendor reference for operational patch guidance.
CISA KEV status is also relevant here because it helps frame whether exploitation has been formally confirmed by CISA. As of this writing, CVE-2026-10520 is not listed in the KEV catalog. That should inform communications, but not reduce urgency for remediation.