CVE-2026-10520

CVSS 10 CRITICALEPSS 98.9%CWE-78

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Produtos afetados

ivanti · Sentry

PoCs públicas encontradas — 5

cve_referencegithub.com/watchtowrlabs/watchTowr-vs-Ivanti-Sentry-RCE-CVE-2026-10520-CVE-2026-10523★ 13 githubgithub.com/0xBlackash/CVE-2026-10520★ 4 githubgithub.com/ogenich/CVE-2026-10520★ 2 githubgithub.com/HORKimhab/CVE-2026-10520-10523★ 0 githubgithub.com/error-inside/CVE-2026-10520★ 0

⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/watchtowrlabs/watchTowr-vs-Ivanti-Sentry-RCE-CVE-2026-10520-CVE-2026-10523 https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2026-10520-CVE-2026-10523?language=en_US https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-10520