CVE-2026-10520 | THREATINT

Description

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution

PUBLISHED Reserved 2026-06-01 | Published 2026-06-09 | Updated 2026-06-10 | Assigner ivanti

CRITICAL: 10.0CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-78 Improper neutralization of special elements used in an OS command ('OS command injection')

Product status

Default status

affected

R10.5.2

unaffected

R10.6.2

unaffected

R10.7.1

unaffected

References

hub.ivanti.com/...E-2026-10520-CVE-2026-10523?language=en_US

cve.org (CVE-2026-10520)

nvd.nist.gov (CVE-2026-10520)

Download JSON