CVE-2026-10520: A Critical Vulnerability in Ivanti Sentry
Ivanti, a security software company, has released patches to address two critical vulnerabilities in its Sentry secure mobile gateway solution. The most severe of these vulnerabilities, tracked as CVE-2026-10520, enables remote attackers to execute code with root privileges. This vulnerability stems from an OS command injection weakness, allowing attackers to inject malicious commands and execute them with elevated privileges.
Ivanti Sentry and Its Importance in Secure Mobile Gateways
Formerly known as MobileIron Sentry, Ivanti Sentry is a security gateway appliance designed to secure traffic between back-end corporate systems and remote mobile devices. Its primary function is to protect sensitive corporate and customer data by ensuring that all mobile devices accessing the network comply with the organization's security policies.
The second Sentry security flaw patched by Ivanti, tracked as CVE-2026-10523, is a critical authentication bypass vulnerability. This flaw can be exploited remotely by unauthenticated attackers to create rogue administrative accounts and gain full administrative access to the system, potentially leading to data breaches and other malicious activities.
Patching and Mitigation
Ivanti patched both security issues with the release of Sentry versions R10.5.2, R10.6.2, and R10.7.1. Fortunately, the company reported that it has no evidence of these vulnerabilities being exploited in the wild at the time of disclosure. However, to protect against potential attacks, Ivanti advised administrators to upgrade their systems as soon as possible.
We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure. Currently, there is no known public exploitation of this vulnerability that could be used to provide a list of indicators of compromise.
This is not the first time Ivanti vulnerabilities have been targeted in attacks. In recent years, Ivanti vulnerabilities have often been exploited by cybercriminals due to their potential to breach targets' enterprise networks and steal sensitive data. For instance, the Cybersecurity and Infrastructure Security Agency (CISA) ordered U.S. federal agencies to patch their Ivanti devices in May after the company warned customers about a high-severity remote code execution vulnerability in Endpoint Manager Mobile (EPMM) that was exploited in zero-day attacks.
Previous Exploitations and the Importance of Patching
Multiple other Ivanti zero-days have been exploited in recent years to breach a wide range of targets, including government agencies worldwide. In January, Ivanti addressed two other critical EPMM vulnerabilities that were exploited as zero-days in attacks against a limited number of customers. The frequency and severity of these exploits underscore the importance of prompt patching and vulnerability management.
CISA has tagged 34 vulnerabilities across various SolarWinds products as actively exploited in attacks over the past several years, with 12 of them also used in ransomware attacks. This highlights the critical need for organizations to stay vigilant and ensure their systems are up-to-date with the latest security patches.
Ivanti's IT asset management solutions are used by over 40,000 clients worldwide, supported by a network of over 7,000 partners and more than 3,000 employees. The company's solutions play a crucial role in managing and securing IT assets for a significant portion of the global market.
Conclusion and Recommendations
The discovery and patching of CVE-2026-10520 and CVE-2026-10523 underscore the ongoing battle against cyber threats. Organizations must remain proactive in updating their systems and educating their teams about the latest vulnerabilities and patches. Regular security audits, penetration testing, and the implementation of a robust vulnerability management program are essential for protecting against sophisticated cyber attacks.
- Regularly update and patch all systems and software to prevent exploitation of known vulnerabilities.
- Implement a robust security framework that includes continuous monitoring and vulnerability management.
- Conduct regular security audits and penetration testing to identify and address potential weaknesses.
By taking these steps, organizations can significantly reduce their risk of falling victim to cyber attacks and protect their sensitive data and systems.
Source: BleepingComputer