What is CVE-2026-10520?
An OS Command Injection vulnerability in Ivanti Sentry versions before R10.5.2, R10.6.2 and R10.7.1 allows a remote unauthenticated user to achieve root-level remote code execution.
CISA Known Exploited Vulnerability
Ivanti Sentry OS Command Injection Vulnerability
Affected product
Ivanti Sentry
Remediation Steps
- Apply vendor patch for Ivanti Sentry OS Command Injection vulnerability within 3 days per CISA Binding Operational Directive 26-04
- Review system logs for unauthorized command execution attempts
- Restrict network access to Ivanti Sentry management interfaces to trusted administrative networks
- Verify patch deployment across all affected instances
References
- https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2026-10520-CVE-2026-10523?language=en_US
- https://github.com/watchtowrlabs/watchTowr-vs-Ivanti-Sentry-RCE-CVE-2026-10520-CVE-2026-10523
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-10520
- https://nvd.nist.gov/vuln/detail/CVE-2026-10520
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog
🤖 This CVE page is generated by defend.network from NVD, CISA KEV, EPSS, and our verified daily briefings. Severity and exploitation data come from official sources; always verify remediation steps against the official vendor advisory before acting in production.