← back
CVE-2026-10520

CVE-2026-10520

CVSS 10 CRITICALEPSS 98.9%CWE-78
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
ivanti · Sentry
public PoCs found5
cve_referencegithub.com/watchtowrlabs/watchTowr-vs-Ivanti-Sentry-RCE-CVE-2026-10520-CVE-2026-1052313githubgithub.com/0xBlackash/CVE-2026-105204githubgithub.com/ogenich/CVE-2026-105202githubgithub.com/HORKimhab/CVE-2026-10520-105230githubgithub.com/error-inside/CVE-2026-105200
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/watchtowrlabs/watchTowr-vs-Ivanti-Sentry-RCE-CVE-2026-10520-CVE-2026-10523https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2026-10520-CVE-2026-10523?language=en_UShttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-10520