What happened
CVE-2026-10520 is an OS command injection vulnerability in Ivanti Sentry, the MobileIron-derived MDM gateway. NVD rates the vulnerability CVSS v3.1 10.0 (Critical). The CWE classification is CWE-78 (OS Command Injection). The vulnerable versions are Ivanti Sentry before R10.5.2, R10.6.2, and R10.7.1. CISA added the CVE to the Known Exploited Vulnerabilities catalog on 11 June 2026 with a remediation due date of 14 June 2026, a 3-day window, which is the shortest window CISA issues and signals active in-the-wild exploitation of a pre-authentication RCE.
How it works
The vulnerability allows a remote unauthenticated user to achieve root-level code execution. An appliance is exploitable when it is in an unmanaged state with its endpoints externally reachable. Using mTLS with EPMM, or restricting HTTPS access through Neurons for MDM, makes the affected interfaces inaccessible to external actors. The watchTowr Labs technical writeup linked from the NVD references provides a full reproduction and a Sentry appliance detection script that organizations can use to identify exposed appliances before patching.
Sentry appliances have been a focus of state-aligned threat actors because mobile management is a high-value target for intelligence collection. The pattern of pre-authentication RCE in Ivanti's edge products is now familiar: the same operational profile that produced CVE-2024-22024 and CVE-2025-0282 in Ivanti Connect Secure has now reached Sentry in 2026. The threat model is the same: an externally reachable edge appliance with a trusted position in the network, exploited for initial access and used as a pivot to the rest of the managed estate. The remediation pattern is the same too: short patch windows, mTLS as a mitigation, and the expectation that patching the appliance is the operational floor, not the ceiling.
Blast radius
Ivanti Sentry sits in front of the mobile-device fleet, terminating device traffic and forwarding it to the management plane. A root-level compromise of a Sentry appliance gives the attacker visibility into every managed mobile device on the network: which devices are enrolled, what their posture is, what traffic is flowing through the Sentry. From there, the attacker can pivot to the EPMM or MDM backend, to the directory that authenticates the devices, and to the certificate authority that issues device certificates. The blast radius of a Sentry compromise is the entire mobile management plane, not just the appliance itself.
Defender actions
Defender actions for CVE-2026-10520 are time-bounded and have a hard deadline. CISA's due date is 14 June 2026. Steps, in order:
1. Identify all Ivanti Sentry appliances in the estate using the detection script linked from the watchTowr writeup.
2. For each appliance, check whether the management interface is externally reachable. If yes, take the appliance off the public network as a first step; mTLS to EPMM is the in-band mitigation, but network isolation is the safer interim control.
3. Patch to R10.5.2, R10.6.2, or R10.7.1 (whichever is current) within the 3-day window.
4. After patching, audit the appliance for indicators of pre-patch compromise: unusual Sentry process activity, unexpected outbound connections, and any modification to the appliance's management configuration.
The appliances that were externally reachable in the days before the patch should be treated as compromised, and the MDM backend that they forward to should be audited in turn.
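A triage pass over an appliance inventory that follows the steps above, as an added example (not code from the watchTowr writeup or from Ivanti). The inventory, hostnames, field names and the "R10.6.1" version-string format are assumptions; a release branch the page does not list is flagged for manual verification rather than guessed.

```python
import re
from datetime import date

# Fixed releases per branch and the KEV due date, both taken from the text above.
FIXED = {(10, 5): 2, (10, 6): 2, (10, 7): 1}
KEV_DUE = date(2026, 6, 14)

def vulnerable(version):
    """True/False for a branch the page covers, None when it gives no answer.
    The 'R10.6.1' string format is an assumption about the inventory data."""
    m = re.fullmatch(r"[Rr]?(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        return None                      # unparseable: needs a human
    major, minor, patch = map(int, m.groups())
    branch = (major, minor)
    if branch in FIXED:
        return patch < FIXED[branch]
    if branch < min(FIXED):
        return True                      # older than R10.5.2, so "before" a fix
    return None                          # branch not listed on the page

def triage(rec, today):
    """Map one inventory record to an action, in the order the steps give."""
    state = vulnerable(rec["version"])
    if state is None:
        return "VERIFY_VERSION"
    if state and rec["reachable_now"]:
        return "ISOLATE_PATCH_AUDIT"     # take off the public network first
    if state:
        return "PATCH_OVERDUE" if today > KEV_DUE else "PATCH"
    if rec["reachable_before_patch"]:
        return "AUDIT_AS_COMPROMISED"    # patched, but exposed before the patch
    return "OK"

# Constructed inventory; hostnames and field names are hypothetical.
INVENTORY = [
    {"host": "sentry-dmz-1", "version": "R10.6.1", "reachable_now": True,  "reachable_before_patch": True},
    {"host": "sentry-int-1", "version": "R10.5.1", "reachable_now": False, "reachable_before_patch": False},
    {"host": "sentry-dmz-2", "version": "R10.7.1", "reachable_now": True,  "reachable_before_patch": True},
    {"host": "sentry-int-2", "version": "R10.6.2", "reachable_now": False, "reachable_before_patch": False},
    {"host": "sentry-lab-1", "version": "R9.18.0", "reachable_now": False, "reachable_before_patch": False},
    {"host": "sentry-new-1", "version": "R10.8.0", "reachable_now": False, "reachable_before_patch": False},
]

def report(today):
    return {r["host"]: triage(r, today) for r in INVENTORY}

if __name__ == "__main__":
    for host, action in report(date(2026, 6, 12)).items():
        print(f"{host:14} {action}")
```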
Lessons
The wider pattern in 2025 and 2026 has been a series of pre-authentication remote code execution vulnerabilities in edge appliances, with Ivanti, Fortinet, and Palo Alto Networks products all affected. The pattern is consistent: external reachability, privileged position in the network, and exploitation by state-aligned actors who treat the appliance as initial access. The defender posture that holds up: a short patch window driven by the KEV due date, mTLS as an in-band mitigation that constrains the attack surface, and the operational discipline of treating an exposed appliance as compromised until you can demonstrate otherwise. None of those are easy to retrofit, and the cadence of the disclosures means organizations with many edge appliances have a recurring operational burden. CVE-2026-10520 is the latest reminder that the burden is real and the consequences of missing the window are not theoretical.