ZeroPath at Black Hat USA 2026

Ivanti Sentry CVE-2026-10520: Quick Look at a CVSS 10.0 Unauthenticated Root RCE via OS Command Injection

A brief summary of CVE-2026-10520, a maximum severity OS command injection in Ivanti Sentry that allows unauthenticated attackers to achieve root level remote code execution across three release branches.

CVE Analysis

10 min read

ZeroPath CVE Analysis
ZeroPath CVE Analysis

2026-06-09

Ivanti Sentry CVE-2026-10520: Quick Look at a CVSS 10.0 Unauthenticated Root RCE via OS Command Injection
Experimental AI-Generated Content

This CVE analysis is an experimental publication that is completely AI-generated. The content may contain errors or inaccuracies and is subject to change as more information becomes available. We are continuously refining our process.

If you have feedback, questions, or notice any errors, please reach out to us.

[email protected]

Introduction

A maximum severity OS command injection in Ivanti Sentry grants any remote, unauthenticated attacker full root level code execution on the appliance, earning a perfect CVSS score of 10.0. For organizations that deploy Sentry as an inline gateway between mobile devices and backend corporate systems, this vulnerability effectively hands over the keys to a critical network chokepoint without requiring a single credential.

Ivanti Sentry (formerly MobileIron Sentry) is an inline application gateway that tunnels traffic and data between mobile devices and corporate backend systems. It is typically deployed alongside Ivanti Endpoint Manager Mobile (EPMM) as part of the Ivanti Unified Endpoint Management platform, serving enterprises that need to secure mobile access to internal resources. Ivanti acquired MobileIron for $872 million in 2020, and Sentry inherited the MobileIron codebase, a detail that becomes relevant when examining the recurring vulnerability patterns in this product line.

Technical Information

Vulnerability Classification

CVE-2026-10520 is classified under CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). The NVD description states:

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution.

The CVSS score of 10.0 is the maximum possible, implying a network attack vector, low attack complexity, no privileges required, no user interaction needed, and complete impact across confidentiality, integrity, and availability. As of June 9, 2026, the NVD has not yet published a formal CVSS vector string; the assessment is listed as "NVD assessment not yet provided."

Ivanti Sentry Architecture and Attack Surface

Ivanti Sentry exposes management interfaces on ports 8443 (MICS portal) and 8433 (System Manager Portal), both of which have served as attack surfaces in prior vulnerabilities. The product runs as a standalone appliance and processes traffic inline between mobile endpoints and enterprise backends, making it both network reachable and operationally critical.

Root Cause and Historical Precedent

While the specific vulnerable endpoint for CVE-2026-10520 has not been publicly detailed beyond the NVD description, the vulnerability class and product history provide strong context. The most instructive precedent is CVE-2023-38035, a prior critical RCE in Ivanti Sentry documented by Synacktiv. In that vulnerability, the MICSLogService Hessian service exposed the uploadFileUsingFileInput method, which could be called anonymously on the MICS portal (accessible on port 8443 at /mics/services/MICSLogService). The method accepted a SystemCommandRequestDTO object containing a command field that was passed directly to Runtime.getRuntime().exec(cmd) with no sanitization:

public synchronized JSONObject uploadFileUsingFileInput( final SystemCommandRequestDTO requestDTO, ServletContext servletContext) { try { String cmd = requestDTO.getCommand(); Runtime rt = Runtime.getRuntime(); Process proc = rt.exec(cmd); String fname = requestDTO.getInputFile(); file = new RandomAccessFile(fname, "r");

The SystemCommandRequestDTO also exposed a setRoot(true) method. Synacktiv demonstrated exploitation by crafting a Hessian2 serialized payload, sending it via HTTP POST with Content-Type: application/x-hessian, and achieving command execution as the tomcat2 user (uid=497). The proof of concept showed the attacker writing a JSP webshell to the appliance's web application directory:

$ curl -ski -H 'Content-Type: application/x-hessian' --data-binary @payload \
  "https://sentry.local:8443/mics/services/MICSLogService"
HTTP/1.1 200 [...]

$ curl -sk https://sentry.local:8443/mics/css/css.jsp -H 'WS: cat /mi/release;id'
Sentry Standalone 9.18.0 Build 6
uid=497(tomcat2) gid=102(tomcat) groups=102(tomcat)

Key Differences from CVE-2023-38035

CVE-2026-10520 differs from the 2023 flaw in two important ways. First, it explicitly grants root level execution rather than the tomcat2 service account. Second, it affects the R10.x branch (versions before R10.5.2, R10.6.2, and R10.7.1), whereas CVE-2023-38035 affected versions 9.18.0 and below. The recurrence of OS Command Injection (CWE-78) in the same product family across major version branches suggests a systemic pattern of insufficient input validation in Sentry's administrative and management interfaces, rather than an isolated coding error.

Paired Vulnerability: CVE-2026-10523

The Ivanti advisory covers both CVE-2026-10520 and CVE-2026-10523 together. The companion vulnerability has no public description yet, and its relationship to CVE-2026-10520 (whether it is a chainable flaw, a separate issue in a different component, or a variant) remains unknown. Defenders should address both CVEs simultaneously.

Summary Table

AttributeDetail
CVE IDCVE-2026-10520
CVSS Score10.0 (Critical)
CWECWE-78 (OS Command Injection)
Authentication RequiredNone (unauthenticated)
Privileges GainedRoot
Attack ComplexityLow (implied by CVSS 10.0)
User InteractionNone required
Affected VersionsBefore R10.5.2, R10.6.2, R10.7.1
Fixed VersionsR10.5.2, R10.6.2, R10.7.1
Paired CVECVE-2026-10523

Affected Systems and Versions

The vulnerability affects Ivanti Sentry across three concurrent release branches:

  • All versions before R10.5.2 in the R10.5.x branch
  • All versions before R10.6.2 in the R10.6.x branch
  • All versions before R10.7.1 in the R10.7.x branch

The three separate fixed versions indicate that Ivanti maintains at least three concurrent release branches for Sentry, and the vulnerable code was present in all three branches prior to patching. Organizations must verify their exact Sentry release number against all three patched versions; recent deployments are not necessarily safe.

The fixed versions are R10.5.2, R10.6.2, and R10.7.1.

Vendor Security History

Ivanti's security track record, particularly for products inherited from the MobileIron acquisition, reveals a sustained pattern of critical vulnerabilities. Several have been confirmed as actively exploited in the wild, with CISA adding them to the Known Exploited Vulnerabilities catalog.

CVEProductCVSSTypeExploitation StatusDate
CVE-2023-38035Ivanti SentryCriticalAuthentication Bypass / RCEActively Exploited (CISA KEV, Aug 2023)Aug 2023
CVE-2023-46805Ivanti Connect SecureCriticalAuthentication BypassActively ExploitedEarly 2024
CVE-2024-21887Ivanti Connect SecureCriticalCommand InjectionActively ExploitedEarly 2024
CVE-2025-4428Ivanti EPMMCriticalUnauthenticated RCEActively Exploited (China nexus actors)2025
CVE-2026-1281Ivanti EPMM9.8Unauthenticated RCEActively Exploited (CISA KEV)Jan 2026
CVE-2026-1340Ivanti EPMM9.8Code Injection / RCEActively ExploitedJan 2026
CVE-2026-6973Ivanti EPMMHighImproper Input ValidationZero day attacks reportedMay 2026
CVE-2026-10520Ivanti Sentry10.0OS Command Injection / Root RCEUnder investigationJun 2026

The recurrence of CWE-78 OS Command Injection specifically in Sentry across multiple version branches raises questions about whether the codebase's input validation practices have been fundamentally improved since the MobileIron acquisition.

Threat Actor Interest in Ivanti Products

The threat intelligence context for this vulnerability is significant:

China nexus threat actors have been observed exploiting Ivanti EPMM vulnerabilities (CVE-2025-4428) for initial access, as documented by EclecticIQ analysts.

Initial Access Brokers and cryptomining operators targeted the prior Sentry flaw CVE-2023-38035 within days of disclosure. Darktrace documented post exploitation activity that included internal network reconnaissance using Responder for LLMNR poisoning, port scanning with ncat and TxPortMap, and cryptocurrency mining via Kinsing malware and Monero miners.

Rapid weaponization has been the norm for Ivanti EPMM flaws in 2026. Unit42 reported widespread exploitation of CVE-2026-1281 and CVE-2026-1340, with attackers deploying web shells. CVE-2026-6973 was exploited as a zero day before the patch was publicly available.

Indicators of Compromise from Prior Sentry Exploitation

Based on the Darktrace analysis of CVE-2023-38035 exploitation, organizations should monitor for the following patterns that may indicate exploitation of CVE-2026-10520 or similar Sentry flaws:

CategoryIndicatorDescription
Initial AccessUnauthenticated SSL to port 8433/8443Connections to System Manager or MICS portal without credentials
Payload Deliverywget/cURL from Sentry applianceUnexpected outbound HTTP requests using command line tools
OOB TestingConnections to oast.site / oast.liveInteractsh out of band testing service for exploit validation
Reconnaissance78.128.113[.]130Hosted /awp.tar.gz and /resp.tar.gz (Responder tool)
Reconnaissance45.86.162[.]147, 195.123.240[.]183Served ncat and TxPortMap port scanning tools
Cryptomining140.228.24[.]160, aelix[.]xyzMining infrastructure endpoints
Cryptominingpool.supportxmr[.]com, xmr.2miners[.]comMonero mining pool connections
Kinsing Malware185.122.204[.]197 (/unk.sh, /se.sh)Kinsing malware download server
Kinsing Malware185.221.154[.]208 (/mg, /ki)Kinsing malware secondary server

While patches are being staged, the following compensating controls should be applied:

  1. Network Isolation: Restrict access to Ivanti Sentry management interfaces (ports 8443 and 8433) to trusted administrative networks only. Do not expose these ports to the internet.
  2. VPN with MFA: If Sentry management must be reached remotely, require VPN access with multi factor authentication before allowing connections to the management portal.
  3. WAF Rules: Deploy web application firewall rules to block Hessian serialization payloads (Content-Type: application/x-hessian) targeting the /mics/services/MICSLogService endpoint, based on the attack pattern observed in CVE-2023-38035.
  4. Behavioral Monitoring: Monitor for unexpected outbound connections from Sentry appliances, especially to cryptocurrency mining pools, OOB testing domains, and known malware infrastructure.

Given the CVSS 10.0 severity, unauthenticated root access, and the well documented pattern of rapid weaponization of Ivanti vulnerabilities by both state sponsored and criminal threat actors, the probability of imminent exploitation of CVE-2026-10520 is very high. Organizations should treat patching as an emergency priority.

References

Detect & fix
what others miss

Works with
  • GitHub
  • GitLab
  • Bitbucket
  • Azure DevOps Services
  • Jira
  • Linear
  • Slack
  • Security Compass
Security magnifying glass visualization