Vulnerability Report

CVE-2026-10520

RCE CISA KEV Active

Title: Ivanti Sentry OS Command Injection

RCE

Proof Of Concept

PoC Available for CVE-2026-10520

CWE Category CWE-78
Published Date Jun 09, 2026
Modified Date Jun 12, 2026
Exploit Status Available
Score 10.0 CVSS v3.1
Exploit Probability (EPSS)
59.52%

Vulnerability Summary

CVE-2026-10520: An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution

Impacted Vendors

I
ivanti 1

Reference Links

https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2026-10520-CVE-2026-10523?language=en_US
CVSS v3.1
Source Entity 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
Severity CRITICAL
10.0
Attack Vector
NETWORK
Complexity
LOW
Privileges
N/A
Interaction
NONE
Confidentiality
N/A
Integrity
N/A
Availability
N/A
Scope
CHANGED
RAW VECTOR CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2026-10520 Exploits & PoCs (Proof Of Concept)

GitHub https://github.com/watchtowrlabs/watchTowr-vs-Ivanti-Sentry-RCE-CVE-2026-10520-CVE-2026-10523
View Code
GitHub https://github.com/HORKimhab/CVE-2026-10520-10523
View Code
GitHub https://github.com/0xBlackash/CVE-2026-10520
View Code
MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

Attack Vector Matrix

Access Vector NETWORK
Complexity LOW
Privileges N/A
Interaction NONE
CVSS Vector String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Affected Stack

No specific products linked.