CVE-2026-10520: Ivanti Sentry OS Command Injection Vulnerability

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution
CVE-2026-10520CVSS 10.0CISA KEVVPN

CVE-2026-10520: Ivanti Sentry OS Command Injection Vulnerability

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution

CVSS
10.0 CRITICAL
EPSS
99.93%
Known exploited
yes
Product
Sentry

What is known

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution

Sources