CVE-2026-10520

10CRITICAL

Key Information:

Vendor: Ivanti
Status: Sentry
Vendor: CVE Published:; 9 June 2026

Badges

📈 Score: 439👾 Exploit Exists📰 News Worthy

What is CVE-2026-10520?

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution

Affected Version(s)

Sentry R10.5.2

Sentry R10.6.2

News Articles

The Hacker News

CVE-2026-10520

Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities

Fortinet, Ivanti, and SAP patched critical flaws up to CVSS 10.0, reducing RCE, admin takeover, and data exposure risks.

2 hours ago

theregister

CVE-2026-10520

Ivanti tells Sentry customers to patch now as critical bugs hit 10.0 and 9.9

Remote, unauthenticated RCE with root privileges is about as bad as it gets

6 hours ago

References

https://hub.ivanti.com/s/article/Security-Advisory-Ivanti...

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Jun 10, 2026
📰
First article discovered by theregister
Jun 10, 2026
Vulnerability published
Jun 9, 2026
Vulnerability Reserved
Jun 1, 2026

CVE-2026-10520 Data

JSON