VulnerabilityBleeping Computer
10.0 — CRITICAL
Ivanti: Max severity Sentry flaw allows code execution as root
Ivanti has patched two critical vulnerabilities in its Sentry secure mobile gateway solution, including a maximum-severity flaw that enables remote attackers to execute code with root privileges. [...]
🤖 AI BriefingAuto-generated threat analysis
🔍Threat Overview
Two critical vulnerabilities were discovered in Ivanti Sentry, allowing remote attackers to execute code with root privileges and gain full administrative access. These vulnerabilities have been exploited in the past, highlighting the importance of timely patching.
⚙️Technical Details
Affected Systems
Ivanti Sentry secure mobile gateway solution
Attack Vectors
NETWORK
💥Impact Assessment
Severity: CRITICAL
Who Is at Risk
Administrators of Ivanti Sentry systems, particularly those with unpatched versions R10.5.2, R10.6.2, and R10.7.1
🛡️Recommended Actions
1Immediately patch Ivanti Sentry systems to version R10.5.2, R10.6.2, or R10.7.1
2Monitor system logs for suspicious activity and implement additional security measures
3Conduct regular vulnerability assessments and penetration testing
📦Affected Products
Ivanti Sentry secure mobile gateway solution
🔐NVD Verified DataVERIFIED
CVE-2026-10520 ↗CVSS 10 — CRITICAL
Attack Vector
NETWORK
Complexity
LOW
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HWeaknesses
CWE-78
CVE-2026-10523 ↗CVSS 9.9 — CRITICAL
Attack Vector
NETWORK
Complexity
LOW
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HWeaknesses
CWE-288
Read the full article
This is a curated summary. The complete article is available at Bleeping Computer.