Ivanti Sentry Command Injection Flaw Exploited After Public PoC Release


Attackers have started exploiting a critical Ivanti Sentry command injection vulnerability shortly after public proof-of-concept code appeared. The flaw, tracked as CVE-2026-10520, can let a remote unauthenticated attacker execute commands with root privileges on vulnerable Ivanti Sentry appliances.

Ivanti patched the issue in Sentry R10.5.2, R10.6.2, and R10.7.1, according to the official Ivanti security advisory. The company also fixed a second critical flaw, CVE-2026-10523, which can allow unauthenticated attackers to create administrative accounts.

The risk escalated after researchers reproduced the vulnerability publicly and Shadowserver later reported exploitation attempts and backdoored systems. CISA also added CVE-2026-10520 to its Known Exploited Vulnerabilities catalog, confirming real-world exploitation.

What CVE-2026-10520 Does

CVE-2026-10520 is an operating system command injection vulnerability in Ivanti Sentry. According to the NVD entry, versions before R10.5.2, R10.6.2, and R10.7.1 allow a remote unauthenticated attacker to execute code as root.

The flaw received a CVSS 3.1 score of 10.0, the maximum possible rating. That score reflects the combination of network access, low attack complexity, no authentication requirement, no user interaction, and high impact on confidentiality, integrity, and availability.

Ivanti Sentry is a gateway product used to secure traffic between mobile devices and internal enterprise systems. Because it often sits at the network edge, successful exploitation can give attackers a direct path into sensitive infrastructure.

Vulnerability | Type | CVSS score | Impact
CVE-2026-10520 | OS command injection | 10.0 | Unauthenticated root-level remote code execution
CVE-2026-10523 | Authentication bypass | 9.9 | Unauthenticated administrative account creation

PoC Release Was Followed by Exploitation Attempts

Public technical analysis from watchTowr Labs showed that CVE-2026-10520 could be reproduced as a pre-authentication command injection issue. The research increased attention on exposed Ivanti Sentry appliances.

Shortly after that, Shadowserver reported a large volume of exploitation attempts based on the public proof of concept. The organization said it saw 19 vulnerable instances in its own scans and at least two systems with backdoors.

The Shadowserver compromised website report also lists Ivanti Sentry artifacts and webshells tied to CVE-2026-10520 and CVE-2026-10523, tagged as injected code and backdoor activity.

  • Ivanti disclosed and patched the flaws on June 9, 2026.
  • Public proof-of-concept research appeared soon after disclosure.
  • Shadowserver reported exploitation attempts and backdoored appliances.
  • CISA added CVE-2026-10520 to the KEV catalog on June 11, 2026.
  • Unpatched internet-facing Sentry systems should be treated as high-risk.

Affected Ivanti Sentry Versions

The affected product is Ivanti Sentry, formerly known as MobileIron Sentry. The vulnerable releases include Sentry 10.5.1, 10.6.1, 10.7.0, and earlier versions, according to the runZero guidance for identifying exposed assets.

Ivanti released fixed versions for the supported release branches. Customers running older unsupported versions should migrate to a supported fixed release rather than rely on untested legacy builds.

The issue is especially urgent for internet-facing appliances. Edge devices are attractive targets because they can provide initial access, administrative control, and a foothold for deeper intrusion.

Ivanti Sentry branch | Vulnerable version | Fixed version
10.5.x | 10.5.1 and earlier | 10.5.2 or later
10.6.x | 10.6.1 and earlier | 10.6.2 or later
10.7.x | 10.7.0 | 10.7.1 or later
Unsupported older versions | Likely affected but not fully tested | Migrate to a supported fixed release

CISA Added the Flaw to Its Exploited Vulnerabilities Catalog

CISA’s KEV catalog listing means federal civilian agencies must act under binding remediation requirements. For private organizations, the listing still serves as a strong warning that attackers are already using the flaw.

The NVD record also references CISA’s KEV update and lists the weakness as CWE-78, improper neutralization of special elements used in an operating system command.
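The page does not document where in Sentry the injection occurs, so the following is a generic illustration of the CWE-78 weakness class the NVD record names, not Ivanti's code and not the actual bug. It is an added example: a function that interpolates an attacker-controlled parameter into a shell string (so `;` starts a second command), the same call with an argument vector and no shell, and a hardened variant that also validates the parameter against an allowlist. `echo` stands in for whatever network tool a gateway might invoke, and the hostname regex and the payload string are constructed for the example.

```python
"""Generic CWE-78 illustration: shell-string interpolation versus argv + validation."""
import re
import subprocess

# Hypothetical allowlist for a hostname-like parameter: letters, digits, dots,
# hyphens, no whitespace or shell metacharacters. Not taken from the advisory.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,252}[A-Za-z0-9])?$")

# Constructed attacker input: a plausible hostname followed by a second command.
PAYLOAD = "mdm.example.internal; echo INJECTED"


def lookup_vulnerable(target: str) -> str:
    """CWE-78: untrusted input is pasted into a command line parsed by /bin/sh.

    Any shell metacharacter in `target` (here ';') terminates the intended
    command and starts an attacker-chosen one.
    """
    completed = subprocess.run(
        f"echo resolving {target}", shell=True, capture_output=True, text=True
    )
    return completed.stdout


def lookup_argv_only(target: str) -> str:
    """No shell: `target` is exactly one argv element, so ';' is just data.

    This stops shell injection but still forwards garbage to the tool.
    """
    completed = subprocess.run(
        ["echo", "resolving", target], capture_output=True, text=True
    )
    return completed.stdout


def lookup_hardened(target: str) -> str:
    """Allowlist validation first, then argv without a shell."""
    if not HOSTNAME_RE.match(target):
        raise ValueError(f"rejected target: {target!r}")
    completed = subprocess.run(
        ["echo", "resolving", target], capture_output=True, text=True
    )
    return completed.stdout


def injection_succeeded(output: str) -> bool:
    """True only if the planted marker ran as its own command (own output line)."""
    return "INJECTED" in output.splitlines()


if __name__ == "__main__":
    print("vulnerable :", repr(lookup_vulnerable(PAYLOAD)))
    print("argv only  :", repr(lookup_argv_only(PAYLOAD)))
    try:
        lookup_hardened(PAYLOAD)
    except ValueError as exc:
        print("hardened   :", exc)
```

The argv form alone defeats the shell-metacharacter vector; the validation layer is what keeps a malformed parameter from reaching the downstream tool at all, which matters when that tool has its own parsing quirks.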

Organizations should not treat patching as the only response. Since backdoors have already been observed, affected systems need compromise checks even after an update is installed.

  • Patch Ivanti Sentry immediately.
  • Check whether the appliance was exposed to the internet before patching.
  • Review logs for suspicious access and administrative activity.
  • Look for webshells, injected code, new accounts, and unexpected processes.
  • Rotate credentials that may have passed through or been stored on the appliance.
  • Rebuild from a trusted image if compromise is suspected.

Why Edge Appliance Bugs Are Exploited So Quickly

Ivanti Sentry belongs to a category of products that attackers prioritize after disclosure: edge infrastructure. These systems often face the internet and connect to internal enterprise resources, which makes them valuable for initial access.

watchTowr's analysis described Sentry as an inline gateway that manages traffic between mobile devices and internal services. That role is why a pre-authentication root-level flaw creates immediate risk.

Attackers increasingly monitor advisories, diff patches, and automate scanning for newly disclosed vulnerabilities. When public exploit details appear, the time between disclosure and exploitation can shrink to hours or days.

Risk factor | Why it matters
Internet exposure | Attackers can scan and attack vulnerable appliances remotely
Root-level impact | Successful exploitation can give full control of the appliance
Authentication not required | Attackers do not need stolen credentials to begin exploitation
Public PoC availability | Weaponization becomes easier for more actors
Backdoors observed | Patching alone may not remove existing attacker access

What Security Teams Should Check

Security teams should first inventory all Ivanti Sentry appliances, including systems missing from the main asset database. runZero's guidance notes that Sentry appears as an inline security gateway appliance tied to mobile device and enterprise access workflows.

Administrators should then verify version numbers, upgrade to the fixed release, and review whether the appliance was reachable from the internet. If it was exposed during the public exploitation window, teams should assume elevated risk and run a compromise assessment.

Indicators may include unexpected administrative accounts, suspicious file changes, injected code, webshell-like artifacts, unexplained outbound connections, or log gaps around the time of exploitation attempts.

Response step | Purpose
Asset inventory | Find all Sentry appliances and confirm exposure
Version check | Identify vulnerable systems before attackers do
Patch or upgrade | Move to R10.5.2, R10.6.2, R10.7.1, or later
Compromise assessment | Look for backdoors, webshells, new accounts, and tampering
Credential rotation | Reduce follow-on risk if attacker access occurred
Network review | Check for lateral movement from the appliance into internal systems
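The version check and exposure review above are easy to get wrong by hand once a fleet mixes `R10.x.y` and `10.x.y` strings across branches, because a host on 10.5.3 is patched while a host on 10.7.0 is not. The script below is an added example, not runZero's or Ivanti's tooling: it encodes the fixed-version table from this page, classifies each inventory entry per branch, and orders the work so internet-exposed vulnerable appliances come first. The inventory rows, hostnames, and exposure flags are constructed sample data; how you obtain the version string from a real appliance is outside what the page documents.

```python
"""Triage an Ivanti Sentry inventory against the fixed versions in the advisory."""
from dataclasses import dataclass

# Fixed release per supported branch, as listed in the Ivanti advisory table above.
FIXED_BY_BRANCH = {
    (10, 5): (10, 5, 2),
    (10, 6): (10, 6, 2),
    (10, 7): (10, 7, 1),
}


def parse_version(text: str) -> tuple:
    """Turn 'R10.6.1', '10.6.1' or '10.7' into an integer tuple padded to 3 parts."""
    s = text.strip()
    if s[:1] in ("R", "r"):
        s = s[1:]
    parts = s.split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    v = tuple(int(p) for p in parts)
    if len(v) < 3:
        v = v + (0,) * (3 - len(v))
    return v


def classify(version_text: str) -> str:
    """Return 'fixed', 'vulnerable', 'unsupported' or 'unknown' for one version."""
    v = parse_version(version_text)
    branch = v[:2]
    fixed = FIXED_BY_BRANCH.get(branch)
    if fixed is None:
        # Older than 10.5: the advisory table says migrate to a supported release.
        # Newer than 10.7: not covered by the table on this page, verify manually.
        return "unsupported" if branch < (10, 5) else "unknown"
    return "fixed" if v >= fixed else "vulnerable"


@dataclass
class Finding:
    host: str
    version: str
    status: str
    internet_exposed: bool
    action: str


def triage(inventory):
    """Classify (host, version, internet_exposed) rows and sort by urgency."""
    findings = []
    for host, version, exposed in inventory:
        try:
            status = classify(version)
        except ValueError:
            status = "unknown"
        if status == "fixed":
            action = "confirm patch date; compromise check if exposed before patching"
        elif status in ("vulnerable", "unsupported"):
            action = ("patch or migrate now; assume compromise, start IR" if exposed
                      else "patch or migrate now; run compromise check")
        else:
            action = "verify version manually"
        findings.append(Finding(host, version, status, exposed, action))
    rank = {"vulnerable": 0, "unsupported": 0, "unknown": 1, "fixed": 2}
    findings.sort(key=lambda f: (rank[f.status], not f.internet_exposed, f.host))
    return findings


# Constructed sample inventory: (hostname, reported version, reachable from the internet).
SAMPLE_INVENTORY = [
    ("sentry-dmz-01", "R10.6.1", True),
    ("sentry-dmz-02", "10.7.1", True),
    ("sentry-lab", "10.7.0", False),
    ("sentry-legacy", "9.8.0", True),
    ("sentry-int-01", "R10.5.2", False),
]

if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY):
        print(f"{f.host:14} {f.version:8} {f.status:11} exposed={str(f.internet_exposed):5} -> {f.action}")
```

Branch-aware comparison is the point: a naive "is the version at least 10.7.1" check would flag every patched 10.5.x and 10.6.x host as vulnerable, and a naive "is it at least 10.5.2" check would clear an unpatched 10.7.0 host.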

Backdoored Appliances Need Incident Response

Shadowserver's report matters because it shows that defenders may receive alerts for injected code or backdoor artifacts, not only for vulnerability exposure.

That changes the response. A vulnerable but unexploited appliance may need urgent patching. A backdoored appliance needs containment, forensic review, credential rotation, and potentially a full rebuild from trusted media.

Ivanti's advisory should remain the source of truth for supported fixes and vendor instructions. Organizations should also monitor for updated guidance as exploitation data develops.

  • Do not expose Sentry administration interfaces unnecessarily.
  • Restrict management access to trusted networks.
  • Collect appliance logs before rebuilding compromised systems.
  • Check connected mobile and email management systems for follow-on access.
  • Review firewall and proxy logs for unusual activity from Sentry appliances.
  • Document remediation for compliance and incident reporting needs.

Ivanti Customers Should Act Before Scanning Finds Them

The exploitation timeline shows how quickly attackers move after a critical edge-device vulnerability becomes public. A maximum-severity bug with public technical details gives defenders very little time to delay patching.

For organizations running Ivanti Sentry, the priority is clear: upgrade to a fixed release, investigate exposed systems, and treat unpatched appliances as potentially compromised. Teams should also confirm that backups, rebuild procedures, and access logs are available before making major changes.

Even if only a small number of vulnerable systems appear in public scans, that does not prove safety. Filtering, blocklists, and network placement can hide exposed appliances from researchers while still leaving them reachable to attackers.

FAQ

What is CVE-2026-10520?

CVE-2026-10520 is a critical OS command injection vulnerability in Ivanti Sentry. It can allow a remote unauthenticated attacker to execute commands with root privileges on affected appliances.

Which Ivanti Sentry versions are affected?

Affected versions include Ivanti Sentry 10.5.1, 10.6.1, 10.7.0, and earlier. Fixed versions are R10.5.2, R10.6.2, and R10.7.1 or later.

Is CVE-2026-10520 being actively exploited?

Yes. CISA added CVE-2026-10520 to its Known Exploited Vulnerabilities catalog, and Shadowserver reported exploitation attempts and backdoored Ivanti Sentry systems after public proof-of-concept code appeared.

What is CVE-2026-10523?

CVE-2026-10523 is a separate Ivanti Sentry authentication bypass vulnerability. It can allow a remote unauthenticated attacker to create arbitrary administrative accounts and gain full administrative access.

What should Ivanti Sentry customers do now?

Customers should upgrade immediately to a fixed version, review whether appliances were internet-facing, check for backdoors or injected code, rotate credentials where needed, and rebuild systems from trusted media if compromise is suspected.
