Overview
- Ivanti on Tuesday issued Sentry updates 10.5.2, 10.6.2 and 10.7.1 to fix two critical vulnerabilities and also released fixes for several Endpoint Manager Mobile (EPMM) flaws.
- CVE-2026-10520 is an unauthenticated OS command injection that can let a remote attacker run arbitrary code as root on vulnerable Sentry appliances.
- CVE-2026-10523 is an authentication-bypass flaw that can allow an attacker to create administrator accounts and gain full control of a Sentry device.
- Researchers from WatchTowr published technical analysis and a detection script for CVE-2026-10520, and Ivanti says it has no evidence of active exploitation at disclosure.
- Because Sentry commonly sits on internet-reachable networks and can expose credentials and session tokens, organizations should apply the patches, scan for vulnerable instances, and monitor logs for indicators of compromise.