Critical Remote Code Execution in Ivanti Sentry (CVE‑2026‑10520) Threatens Enterprise Gateways
What It Is – Ivanti Sentry, a security gateway that mediates mobile‑to‑enterprise traffic, contains two critical flaws (CVE‑2026‑10520 and CVE‑2026‑10523). The first is an OS command‑injection flaw that gives unauthenticated attackers root‑level code execution; the second is an authentication bypass that lets an attacker create admin accounts.
Exploitability – No public exploits are known, but detailed technical information has been released, enabling threat actors to develop working exploits. CVSS scores are expected to be 9.8+ (Critical).
Affected Products – Ivanti Sentry versions 10.5.1, 10.6.1, 10.7.0 and earlier. Fixed in 10.5.2, 10.6.2, 10.7.1.
TPRM Impact – Because Sentry sits at the network edge, a compromise can expose credentials and session tokens and allow lateral movement into internal email and application servers, creating a supply‑chain foothold for third‑party risk.
Recommended Actions –
- Verify your Sentry version immediately; use the watchTowr detection script.
- Apply Ivanti’s patches (10.5.2, 10.6.2, 10.7.1) without delay.
- Restrict internet‑facing access to the Sentry management API (e.g., firewall allow‑lists, VPN).
- Rotate any credentials or tokens that may have been exposed.
- Review logs for anomalous API calls and conduct a post‑patch security audit.
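
A small triage helper for the version check in the first recommended action, added to this summary as an example; it is not Ivanti or watchTowr tooling. It encodes the affected and fixed versions listed above; the per-branch reading of "and earlier", the `host,version` CSV layout and the host names are assumptions.

```python
import csv
import io
import re

# Fixed release per branch, from the "Affected Products" line above.
FIXED = {(10, 5): (10, 5, 2), (10, 6): (10, 6, 2), (10, 7): (10, 7, 1)}

def parse_version(text):
    """Parse '10.6.1', 'v10.5.1-b42' or '10.6' into (major, minor, patch)."""
    m = re.match(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def classify(version_text):
    """Return (status, action) for one reported Sentry version string."""
    try:
        ver = parse_version(version_text)
    except ValueError:
        return ("UNKNOWN", "version unreadable; verify on the appliance")
    fixed = FIXED.get(ver[:2])
    if fixed is not None:
        target = ".".join(map(str, fixed))
        if ver >= fixed:
            return ("PATCHED", f"at or above {target}")
        return ("VULNERABLE", f"upgrade to {target}")
    if ver[:2] < min(FIXED):
        # Assumption: "and earlier" covers branches older than 10.5.
        return ("VULNERABLE", "no fix listed for this branch; move to a fixed release")
    return ("UNKNOWN", "branch not covered by the advisory; check vendor notes")

def triage(inventory_csv):
    """Map each host in a 'host,version' CSV to its classification."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {row["host"]: classify(row["version"]) for row in rows}

# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE_INVENTORY = """host,version
sentry-edge-01,10.5.1
sentry-edge-02,10.6.2
sentry-dmz-01,10.7.0
sentry-lab-01,9.18.0
sentry-new-01,11.0.0
sentry-old-02,unknown
"""

if __name__ == "__main__":
    for host, (status, action) in triage(SAMPLE_INVENTORY).items():
        print(f"{host:15} {status:10} {action}")
```

Hosts reported as UNKNOWN still need a manual check; a missing or unreadable version is not evidence that the appliance is patched.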