Ivanti: Max severity Sentry flaw allows code execution as root
Ivanti patched two critical vulnerabilities in its Sentry secure mobile gateway solution, including a maximum-severity OS command injection flaw that allows remote code execution with root privileges. Another critical authentication bypass vulnerability enables unauthenticated attackers to create rogue administrative accounts with full access. These issues affect Ivanti Sentry and were fixed in versions R10. 5. 2, R10. 6. 2, and R10. 7. 1. There is no evidence of exploitation in the wild at the time of disclosure.
AI Analysis
Technical Summary
Ivanti Sentry, a secure mobile gateway appliance formerly known as MobileIron Sentry, contained two critical vulnerabilities. The first, tracked as CVE-2026-10520, is an OS command injection vulnerability that allows remote attackers to execute code with root privileges. The second, CVE-2026-10523, is a critical authentication bypass that permits unauthenticated attackers to create rogue administrative accounts and gain full administrative access. Ivanti released patches for these vulnerabilities in versions R10.5.2, R10.6.2, and R10.7.1. At disclosure, there was no known exploitation in the wild or public indicators of compromise. Ivanti recommends immediate upgrading to the fixed versions to mitigate risk.
Potential Impact
Successful exploitation of CVE-2026-10520 allows remote attackers to execute arbitrary code with root privileges on the Ivanti Sentry appliance, potentially compromising the entire system. CVE-2026-10523 enables unauthenticated attackers to bypass authentication controls, create rogue administrative accounts, and gain full administrative access, leading to complete system takeover. These vulnerabilities pose a critical risk to the confidentiality, integrity, and availability of affected systems.
Mitigation Recommendations
Ivanti has released official patches addressing both vulnerabilities in Sentry versions R10.5.2, R10.6.2, and R10.7.1. Administrators should upgrade to one of these versions immediately to remediate the issues. There is no evidence of exploitation in the wild, but timely patching is essential to prevent potential attacks.
Ivanti: Max severity Sentry flaw allows code execution as root
Description
Ivanti patched two critical vulnerabilities in its Sentry secure mobile gateway solution, including a maximum-severity OS command injection flaw that allows remote code execution with root privileges. Another critical authentication bypass vulnerability enables unauthenticated attackers to create rogue administrative accounts with full access. These issues affect Ivanti Sentry and were fixed in versions R10. 5. 2, R10. 6. 2, and R10. 7. 1. There is no evidence of exploitation in the wild at the time of disclosure.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Ivanti Sentry, a secure mobile gateway appliance formerly known as MobileIron Sentry, contained two critical vulnerabilities. The first, tracked as CVE-2026-10520, is an OS command injection vulnerability that allows remote attackers to execute code with root privileges. The second, CVE-2026-10523, is a critical authentication bypass that permits unauthenticated attackers to create rogue administrative accounts and gain full administrative access. Ivanti released patches for these vulnerabilities in versions R10.5.2, R10.6.2, and R10.7.1. At disclosure, there was no known exploitation in the wild or public indicators of compromise. Ivanti recommends immediate upgrading to the fixed versions to mitigate risk.
Potential Impact
Successful exploitation of CVE-2026-10520 allows remote attackers to execute arbitrary code with root privileges on the Ivanti Sentry appliance, potentially compromising the entire system. CVE-2026-10523 enables unauthenticated attackers to bypass authentication controls, create rogue administrative accounts, and gain full administrative access, leading to complete system takeover. These vulnerabilities pose a critical risk to the confidentiality, integrity, and availability of affected systems.
Mitigation Recommendations
Ivanti has released official patches addressing both vulnerabilities in Sentry versions R10.5.2, R10.6.2, and R10.7.1. Administrators should upgrade to one of these versions immediately to remediate the issues. There is no evidence of exploitation in the wild, but timely patching is essential to prevent potential attacks.
Technical Details
- Article Source
- {"url":"https://www.bleepingcomputer.com/news/security/new-max-severity-ivanti-sentry-flaw-allows-code-execution-as-root/","fetched":true,"fetchedAt":"2026-06-10T06:41:00.307Z","wordCount":689}
Threat ID: 6a2906fc8dd33fbd85fa84ec
Added to database: 6/10/2026, 6:41:00 AM
Last enriched: 6/10/2026, 6:41:06 AM
Last updated: 6/10/2026, 8:49:02 AM
Views: 37
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.