CVE-2026-10520

Summary

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution

Affected Software

VendorProductVersion RangeStatus
ivantiSentryR10.5.2unaffected
ivantiSentryR10.6.2unaffected
ivantiSentryR10.7.1unaffected

Weaknesses

  • CWE-78: CWE-78 Improper neutralization of special elements used in an OS command ('OS command injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: yes
    • Technical Impact: total

Additional References

References