Actively exploited in the wild
Ivanti Sentry OS Command Injection Vulnerability
Ivanti — Sentry · Listed in the CISA KEV since 2026-06-11. This indicates confirmed attacks in production environments.
Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
CVE-2026-10520
Critical · CVSS 10.0 · KEV
Exploitation Probability (EPSS): Very high risk, 98th percentile (higher than 98% of all known CVEs)
Summary
CVE-2026-10520 is an OS Command Injection vulnerability in Ivanti Sentry before versions R10.5.2, R10.6.2, and R10.7.1 that allows a remote unauthenticated user to achieve root-level remote code execution.
Risk Assessment
This vulnerability poses a significant risk to organizations by allowing attackers to remotely take control of the system without requiring authentication.
Recommendation
Update Ivanti Sentry to the latest version to mitigate this vulnerability, and implement additional security measures to protect against potential attacks.
Original NVD description (English source)
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution

