🚨 CRITICAL ALERT: Active Zero-Day Exploits

Ivanti Sentry is affected by a critical CVSS 10.0 pre-authentication OS command injection flaw, CVE-2026-10520, which allows a remote unauthenticated attacker to achieve root-level remote code execution. The issue is listed in CISA’s Known Exploited Vulnerabilities catalog, making immediate remediation a priority for any exposed deployment.[1][3][4]

Critical Vulnerabilities (CVSS >= 8.0)

• CVE-2026-10520 (CVSS: 10.0): OS command injection in Ivanti Sentry before R10.5.2, R10.6.2, and R10.7.1 enables a remote unauthenticated attacker to obtain root-level remote code execution. View NVD | CISA KEV
• CVE-2026-10523 (CVSS: 9.9): Authentication bypass in Ivanti Sentry before R10.5.2, R10.6.2, and R10.7.1 allows a remote unauthenticated attacker to create arbitrary administrative accounts and gain full administrative access. View NVD | CISA KEV

⚡ Immediate Actions Required

Patch immediately to Ivanti Sentry R10.5.2, R10.6.2, or R10.7.1 or later, as these versions remediate the critical flaws.[2][3][8] Prioritize internet-facing appliances first, assume exposed systems may be targeted, and validate that no unauthorized administrative accounts or suspicious command execution activity are present.[1][2][3]

If you operate Ivanti Sentry, treat this as an urgent containment event: isolate affected systems if patching cannot be completed right away, review logs for unauthenticated access attempts, and monitor closely for post-exploitation activity consistent with root-level compromise.[1][3][8]