An unauthenticated, root-level OS command injection vulnerability, CVE-2026-10520, in Ivanti Sentry appliances was added to CISA's Known Exploited Vulnerabilities (KEV) Catalog on June 12, 2026. This addition, with a CVSS score of 10.0, triggered an aggressive June 15, 2026, patch deadline for federal agencies. While Ivanti's initial advisory on June 10, 2026, stated there was "no evidence of in-the-wild exploitation," CISA's KEV entry, citing "attempted exploitation of honeypots" (CISA), confirms threat actors are actively scanning and attempting to weaponize this flaw. Patching CVE-2026-10520 on Ivanti Sentry deployments is now mandatory.

What Happened

Ivanti released patches for CVE-2026-10520 on June 10, 2026, to address a critical OS command injection vulnerability in its Sentry product. This flaw (NVD lists it with a CVSS score of 10.0) allows unauthenticated remote attackers to execute arbitrary code with root privileges on vulnerable Ivanti Sentry appliances. The fixes target Sentry versions 10.5.2, 10.6.2, and 10.7.1 (Ivanti). While Ivanti's initial advisory stated there was no evidence of active in-the-wild exploitation at the time of patch release, this assessment quickly shifted.

Just two days later, on June 12, 2026, CISA added CVE-2026-10520 to its Known Exploited Vulnerabilities Catalog. The explicit justification for this addition was "attempted exploitation of honeypots," confirming that threat actors are actively probing for and trying to weaponize this specific vulnerability. This triggered an immediate, mandatory patching deadline for all Federal Civilian Executive Branch (FCEB) agencies: June 15, 2026. That is a 3-day window.

The urgency stems directly from CISA's recently enacted Binding Operational Directive (BOD) 26-04, "Prioritizing Security Updates Based on Risk," also released on June 10, 2026 (CISA). This directive mandates aggressive, risk-based remediation for critical flaws granting root access, like CVE-2026-10520. Organizations outside the federal government should interpret this rapid KEV addition and tight deadline as a clear signal to prioritize patching with the same level of urgency.

Why It Matters

CVE-2026-10520 matters because it is an unauthenticated, remote, root-level command injection vulnerability in a perimeter-facing appliance. A CVSS score of 10.0 means total compromise without prior authentication. Successful exploitation grants attackers complete control over the Ivanti Sentry appliance, an access point often sitting on the edge of the network.

From a compromised Sentry, threat actors can establish a foothold, pivot further into the corporate network, or use the appliance as a beachhead for lateral movement. The fact that CISA observed "attempted exploitation of honeypots" (CISA) indicates that weaponization is in progress, even if broader in-the-wild attacks have not been publicly confirmed. This is active threat intelligence.

For federal agencies, the June 15, 2026, deadline is non-negotiable, driven by BOD 26-04. This directive specifically targets vulnerabilities like CVE-2026-10520 that grant root access, underscoring the severe post-exploitation impact. Every organization with Ivanti Sentry deployed now faces the immediate threat of root compromise by opportunistic attackers scanning the internet. Patching is critical for maintaining security.

Affected Scope & Remediation

CVE-2026-10520 impacts Ivanti Sentry. Specifically, all versions prior to 10.5.2, 10.6.2, and 10.7.1 are vulnerable. These appliances often serve as critical gateways for mobile device management (MDM) or unified endpoint management (UEM) solutions, making their compromise particularly dangerous.

The risk profile for Ivanti Sentry instances varies significantly based on their deployment and management. When Sentry is properly managed by Ivanti Endpoint Manager Mobile (EPMM), the vulnerable APIs are protected by mutual TLS (mTLS), severely restricting external access. This significantly reduces the attack surface, making exploitation much harder for external, unauthenticated attackers. However, unmanaged Sentry instances are explicitly not intended for production environments. If you are running one of these, you are at maximum risk.

For Sentry appliances managed by Ivanti Neurons for MDM, restrict internet access to the vulnerable API endpoint. Implement a strong firewall rule or use a Zero Trust solution like Cloudflare Zero Trust to help segment and protect these critical assets from direct internet exposure, limiting attacker reach until patches are applied.

To remediate, patch CVE-2026-10520 on Ivanti Sentry immediately. Ivanti released the necessary updates on June 10, 2026. Federal agencies have until June 15, 2026, a tight 3-day window, to apply these patches. For all other organizations, consider this deadline a strong recommendation to avoid becoming the next breach headline.

Product       | Version Range            | Fixed Version
--------------+--------------------------+--------------
Ivanti Sentry | Prior to 10.5.2          | 10.5.2
Ivanti Sentry | 10.5.x (prior to 10.6.2) | 10.6.2
Ivanti Sentry | 10.6.x (prior to 10.7.1) | 10.7.1
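To turn the version table into a quick inventory check, here is an added Python example (not from Ivanti or this article). It assumes that 10.5.2, 10.6.2 and 10.7.1 are the first fixed builds of the 10.5, 10.6 and 10.7 branches respectively, that anything older than 10.5.2 is vulnerable, and that a newer branch is outside the advisory's scope; the hostnames and versions in the sample inventory are constructed.

```python
import re

# Fixed releases per Ivanti Sentry branch, taken from the advisory table.
# Assumption: each branch is fixed at the listed release and later builds
# in that branch carry the fix; anything below 10.5.2 is vulnerable.
FIXED_BY_BRANCH = {
    (10, 5): (10, 5, 2),
    (10, 6): (10, 6, 2),
    (10, 7): (10, 7, 1),
}
OLDEST_FIXED = (10, 5, 2)


def parse_version(text):
    """Parse 'major.minor.patch' (any build suffix ignored) into a tuple."""
    m = re.match(r"^\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised Sentry version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def classify(version):
    """Return 'vulnerable', 'fixed' or 'unknown' for CVE-2026-10520."""
    v = parse_version(version)
    branch = v[:2]
    if branch in FIXED_BY_BRANCH:
        return "vulnerable" if v < FIXED_BY_BRANCH[branch] else "fixed"
    if v < OLDEST_FIXED:
        return "vulnerable"   # older branch with no listed fix at all
    return "unknown"          # newer branch not covered by the advisory


def triage(inventory):
    """Map each host in a {hostname: version} inventory to its status."""
    return {host: classify(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "sentry-dc1.example.test": "10.4.3",
    "sentry-dc2.example.test": "10.5.1",
    "sentry-dc3.example.test": "10.5.2",
    "sentry-eu1.example.test": "10.6.1",
    "sentry-eu2.example.test": "10.7.1-build42",
    "sentry-lab.example.test": "10.8.0",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```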

Timeline:

  • Patch Release: June 10, 2026
  • CISA KEV Addition (Active Exploitation Confirmed): June 12, 2026 (2 days post-patch)
  • Federal Patch Deadline: June 15, 2026 (3 days from KEV addition)

NVD advisory — CVE-2026-10520

Technical Breakdown

CVE-2026-10520 is an OS command injection, meaning an attacker can trick the Ivanti Sentry appliance into executing arbitrary system commands as root. This vulnerability likely stems from insufficient input validation within a specific API endpoint that is reachable without authentication. When an attacker sends specially crafted input to this endpoint, the Sentry's underlying operating system interprets and executes it as a command, rather than benign data.

Think of it like a barista who takes your order for "coffee with sugar." If the barista's system is poorly designed, and you order "coffee with sugar; and then empty the cash register," the system might actually try to perform both actions. In this analogy, the poorly designed system is the vulnerable API, and "empty the cash register" is the malicious OS command. The Sentry appliance, expecting benign input, blindly executes the attacker's instructions with its own high privileges.

This attack falls under T1190 Exploit Public-Facing Application in the MITRE ATT&CK framework. Attackers use a weakness in an internet-accessible service to gain initial access. Given the "unauthenticated remote attacker" and "root privileges" aspects, it also leads to T1068 Exploitation for Privilege Escalation as the immediate outcome. Once they have root access on the Sentry, they can then perform further actions, like downloading additional tools (T1105 Ingress Tool Transfer) or creating new accounts (T1136 Create Account) to maintain persistence.

The technical root cause of this flaw is a direct violation of SI-10 Information Input Validation from NIST SP 800-53. Effective input validation is necessary for any application, especially those exposed to untrusted input from the internet. Had the Sentry appliance rigorously validated and sanitized all incoming data before passing it to system functions, this command injection would have been mitigated. Failing to implement this control allows attackers to subvert the intended functionality and gain unauthorized access and control.
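The mechanism behind the barista analogy, and the SI-10 style validation that closes it, as an added Python example. This is illustrative code, not Ivanti Sentry's implementation: the page does not identify the real endpoint, so the "host" parameter and the ping command are assumptions.

```python
import re
import shlex

# Hypothetical API handler that checks reachability of a caller-supplied host.
# Illustrative only: not Ivanti Sentry's code, endpoint or parameter name.


def build_command_vulnerable(host):
    """Concatenate untrusted input into a shell string (the injection pattern)."""
    return f"ping -c 1 {host}"   # handed to a shell, ';' starts a second command


def shell_view(cmd):
    """Tokenise cmd as a POSIX shell would and split at ';' into commands."""
    commands, current = [], []
    for tok in shlex.shlex(cmd, punctuation_chars=True):
        if tok == ";":
            commands.append(current)
            current = []
        else:
            current.append(tok)
    if current:
        commands.append(current)
    return commands


# Positive (allowlist) validation, the SI-10 control the article cites:
# accept only a syntactically valid DNS hostname and reject everything else.
HOSTNAME_RE = re.compile(
    r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def validate_hostname(host):
    if len(host) > 253 or not HOSTNAME_RE.match(host):
        raise ValueError(f"rejected input: {host!r}")
    return host


def build_command_hardened(host):
    """Validate first, then return an argv list so no shell ever parses it."""
    return ["ping", "-c", "1", validate_hostname(host)]


if __name__ == "__main__":
    benign, crafted = "host.example.test", "host.example.test; echo injected"
    print(shell_view(build_command_vulnerable(benign)))    # one command
    print(shell_view(build_command_vulnerable(crafted)))   # two commands
    print(build_command_hardened(benign))
    try:
        build_command_hardened(crafted)
    except ValueError as err:
        print(err)                                         # rejected input
```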

Historical Context

This is not Ivanti's first time dealing with critical, actively exploited zero-days. Just five months prior, in January 2026, the company patched two other critical zero-day vulnerabilities, CVE-2026-1281 and CVE-2026-1340, in Ivanti Endpoint Manager Mobile (EPMM). Both were code injection issues leading to unauthenticated remote code execution and were quickly added to the CISA KEV catalog (SecurityWeek).

The pattern here is disturbingly similar: critical Ivanti vulnerabilities, often involving command or code injection, allowing unauthenticated remote access, rapid exploitation in the wild, and swift CISA KEV catalog additions. In the January 2026 incidents, threat actors were observed weaponizing the flaws quickly after discovery, highlighting a known predisposition for Ivanti products to become high-value targets. This makes CVE-2026-10520 another data point in a concerning trend.

While the specific product is different—Sentry versus EPMM—the underlying severity (RCE with root privileges) and the speed of active exploitation remain consistent. The January 2026 EPMM flaws were exploited by groups demonstrating sophisticated capabilities, including webshell deployment and persistence, echoing the potential impact we face with Sentry today. This history should drive home the urgency to patch CVE-2026-10520 on Ivanti Sentry immediately.

Data at a Glance

Metric                     | Value         | Source
---------------------------+---------------+--------------
CVSS Score                 | 10.0          | NVD
CISA KEV Addition Date     | June 12, 2026 | CISA
Days to KEV from Patch     | 2 days        | CISA, Ivanti
Federal Patch Deadline     | June 15, 2026 | CISA
Federal Remediation Window | 3 days        | CISA
Root Privilege Grant       | Yes           | NVD

The CVEDaily Take

The rapid addition of CVE-2026-10520 to the KEV catalog, based on honeypot exploitation, indicates a critical shift in the threat detection and remediation timeline. Ivanti's initial "no evidence of exploitation" statement was contradicted within 48 hours by CISA's intelligence, suggesting either a gap in Ivanti's immediate visibility or CISA's ability to rapidly correlate early-stage exploitation attempts. We believe this discrepancy highlights how quickly threat actors identify and attempt to weaponize critical flaws, especially in widely deployed perimeter appliances. The new BOD 26-04 implicitly acknowledges that public statements about exploitation status cannot be taken as definitive; instead, the risk of unauthenticated root access demands immediate action.

Beyond the immediate patch, what is your strategy for hardening perimeter appliances to prevent initial access in the face of persistent Ivanti zero-days?

FAQ

Q: What is CVE-2026-10520?
A: CVE-2026-10520 is a critical OS command injection vulnerability (CVSS 10.0) in Ivanti Sentry that allows unauthenticated remote attackers to execute arbitrary commands with root privileges. It was added to the CISA KEV catalog on June 12, 2026, due to active exploitation attempts.

Q: Which Ivanti Sentry versions are affected by CVE-2026-10520?
A: All Ivanti Sentry versions prior to 10.5.2, 10.6.2, and 10.7.1 are vulnerable. These fixed versions were released by Ivanti on June 10, 2026.

Q: What's the immediate mitigation for CVE-2026-10520 if I can't patch right away?
A: Ivanti recommends restricting internet access to the vulnerable API, especially for Sentry appliances managed by Ivanti Neurons for MDM. For Sentry instances managed by Ivanti EPMM, the vulnerable APIs are protected by mTLS, reducing risk. Unmanaged instances are not meant for production environments and should be disconnected or patched immediately.