Max-severity Ivanti Sentry flaw exploited for root code execution (CVE-2026-10520)
Ivanti patched a maximum-severity unauthenticated command-injection flaw in its Sentry mobile gateway that gives attackers root-level remote code execution, and within days real-world exploitation followed a public proof-of-concept, prompting CISA to add it to its Known Exploited Vulnerabilities catalog.
- Victim
- Ivanti Sentry