Overview
- Ivanti released fixes on June 9–10 for two critical Sentry flaws, including CVE-2026-10520, an unauthenticated OS command-injection bug that allows remote root code execution.
- Researchers published technical analysis and a public proof-of-concept targeting the /mics/api/v2/sentry/mics-config/handleMessage endpoint, and internet scanners began seeing exploit attempts within hours.
- Scanning groups reported multiple exposed and backdoored Sentry appliances, with Shadowserver finding 19 vulnerable instances and at least two already backdoored.
- CISA added CVE-2026-10520 to its Known Exploited Vulnerabilities catalog on June 11 and set a three-day remediation deadline, prompting urgent patching and audit orders for affected organizations.
- Defenders are advised to upgrade to R10.5.2/R10.6.2/R10.7.1, block external access to port 8443 and /mics paths, enable mTLS or firewall restrictions, and inspect Sentry and adjacent systems for signs of compromise.
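
As a starting point for the inspection step above, this added example (not from the original page or from Ivanti) triages an access log for requests under /mics that came from outside an allowed admin network. The combined-log layout, the admin network and the sample lines are assumptions constructed for illustration; a logged request shows an attempt, not a confirmed compromise.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# Endpoint named in the overview above.
EXPLOIT_PATH = "/mics/api/v2/sentry/mics-config/handleMessage"
# Assumption: the only network that should ever reach /mics (hypothetical).
ADMIN_NETS = [ipaddress.ip_network("10.20.0.0/16")]
# Assumption: combined-log layout, client - user [time] "METHOD path PROTO" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE_LOG = """\
10.20.0.5 - - [11/Jun/2026:08:01:12 +0000] "GET /mics/ HTTP/1.1" 200 5120
203.0.113.44 - - [11/Jun/2026:08:03:40 +0000] "POST /mics/api/v2/sentry/mics-config/handleMessage HTTP/1.1" 200 87
198.51.100.7 - - [11/Jun/2026:08:04:02 +0000] "POST /mics/api/v2/sentry/mics-config/handleMessage?x=1 HTTP/1.1" 403 0
198.51.100.7 - - [11/Jun/2026:08:04:30 +0000] "GET /mics/ HTTP/1.1" 403 0
203.0.113.44 - - [11/Jun/2026:08:05:19 +0000] "GET /status HTTP/1.1" 200 12
garbage line that does not parse
"""

def from_admin_net(ip_text, nets):
    """True only when the client address parses and sits in an allowed network."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unparseable client field is treated as untrusted
    return any(ip in net for net in nets)

def triage(log_text, admin_nets=ADMIN_NETS):
    """Return (findings, unparsed_count) for non-admin requests under /mics."""
    findings, unparsed = [], 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1  # count these: silent drops hide log tampering
            continue
        path = unquote(urlsplit(m["path"]).path)  # drop query, decode %xx
        if not (path == "/mics" or path.startswith("/mics/")):
            continue
        if from_admin_net(m["ip"], admin_nets):
            continue
        findings.append({"ip": m["ip"], "time": m["ts"], "method": m["method"],
                         "status": int(m["status"]),
                         "exploit_endpoint": path.rstrip("/") == EXPLOIT_PATH})
    return findings, unparsed
```

Calling `triage(SAMPLE_LOG)` returns the matching requests plus a count of lines that did not parse; entries with `exploit_endpoint` set are the ones to review first.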