Introduction
A maximum severity OS command injection in Ivanti Sentry grants any remote, unauthenticated attacker full root level code execution on the appliance, earning a perfect CVSS score of 10.0. For organizations that deploy Sentry as an inline gateway between mobile devices and backend corporate systems, this vulnerability effectively hands over the keys to a critical network chokepoint without requiring a single credential.
Ivanti Sentry (formerly MobileIron Sentry) is an inline application gateway that tunnels traffic and data between mobile devices and corporate backend systems. It is typically deployed alongside Ivanti Endpoint Manager Mobile (EPMM) as part of the Ivanti Unified Endpoint Management platform, serving enterprises that need to secure mobile access to internal resources. Ivanti acquired MobileIron for $872 million in 2020, and Sentry inherited the MobileIron codebase, a detail that becomes relevant when examining the recurring vulnerability patterns in this product line.
Technical Information
Vulnerability Classification
CVE-2026-10520 is classified under CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). The NVD description states:
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution.
The CVSS score of 10.0 is the maximum possible, implying a network attack vector, low attack complexity, no privileges required, no user interaction needed, and complete impact across confidentiality, integrity, and availability. As of June 9, 2026, the NVD has not yet published a formal CVSS vector string; the assessment is listed as "NVD assessment not yet provided."
Ivanti Sentry Architecture and Attack Surface
Ivanti Sentry exposes management interfaces on ports 8443 (MICS portal) and 8433 (System Manager Portal), both of which have served as attack surfaces in prior vulnerabilities. The product runs as a standalone appliance and processes traffic inline between mobile endpoints and enterprise backends, making it both network reachable and operationally critical.
Root Cause and Historical Precedent
While the specific vulnerable endpoint for CVE-2026-10520 has not been publicly detailed beyond the NVD description, the vulnerability class and product history provide strong context. The most instructive precedent is CVE-2023-38035, a prior critical RCE in Ivanti Sentry documented by Synacktiv. In that vulnerability, the MICSLogService Hessian service exposed the uploadFileUsingFileInput method, which could be called anonymously on the MICS portal (accessible on port 8443 at /mics/services/MICSLogService). The method accepted a SystemCommandRequestDTO object containing a command field that was passed directly to Runtime.getRuntime().exec(cmd) with no sanitization:
public synchronized JSONObject uploadFileUsingFileInput( final SystemCommandRequestDTO requestDTO, ServletContext servletContext) { try { String cmd = requestDTO.getCommand(); Runtime rt = Runtime.getRuntime(); Process proc = rt.exec(cmd); String fname = requestDTO.getInputFile(); file = new RandomAccessFile(fname, "r");
The SystemCommandRequestDTO also exposed a setRoot(true) method. Synacktiv demonstrated exploitation by crafting a Hessian2 serialized payload, sending it via HTTP POST with Content-Type: application/x-hessian, and achieving command execution as the tomcat2 user (uid=497). The proof of concept showed the attacker writing a JSP webshell to the appliance's web application directory:
$ curl -ski -H 'Content-Type: application/x-hessian' --data-binary @payload \
"https://sentry.local:8443/mics/services/MICSLogService"
HTTP/1.1 200 [...]
$ curl -sk https://sentry.local:8443/mics/css/css.jsp -H 'WS: cat /mi/release;id'
Sentry Standalone 9.18.0 Build 6
uid=497(tomcat2) gid=102(tomcat) groups=102(tomcat)
Key Differences from CVE-2023-38035
CVE-2026-10520 differs from the 2023 flaw in two important ways. First, it explicitly grants root level execution rather than the tomcat2 service account. Second, it affects the R10.x branch (versions before R10.5.2, R10.6.2, and R10.7.1), whereas CVE-2023-38035 affected versions 9.18.0 and below. The recurrence of OS Command Injection (CWE-78) in the same product family across major version branches suggests a systemic pattern of insufficient input validation in Sentry's administrative and management interfaces, rather than an isolated coding error.
Paired Vulnerability: CVE-2026-10523
The Ivanti advisory covers both CVE-2026-10520 and CVE-2026-10523 together. The companion vulnerability has no public description yet, and its relationship to CVE-2026-10520 (whether it is a chainable flaw, a separate issue in a different component, or a variant) remains unknown. Defenders should address both CVEs simultaneously.
Summary Table
| Attribute | Detail |
|---|---|
| CVE ID | CVE-2026-10520 |
| CVSS Score | 10.0 (Critical) |
| CWE | CWE-78 (OS Command Injection) |
| Authentication Required | None (unauthenticated) |
| Privileges Gained | Root |
| Attack Complexity | Low (implied by CVSS 10.0) |
| User Interaction | None required |
| Affected Versions | Before R10.5.2, R10.6.2, R10.7.1 |
| Fixed Versions | R10.5.2, R10.6.2, R10.7.1 |
| Paired CVE | CVE-2026-10523 |
Affected Systems and Versions
The vulnerability affects Ivanti Sentry across three concurrent release branches:
- All versions before R10.5.2 in the R10.5.x branch
- All versions before R10.6.2 in the R10.6.x branch
- All versions before R10.7.1 in the R10.7.x branch
The three separate fixed versions indicate that Ivanti maintains at least three concurrent release branches for Sentry, and the vulnerable code was present in all three branches prior to patching. Organizations must verify their exact Sentry release number against all three patched versions; recent deployments are not necessarily safe.
The fixed versions are R10.5.2, R10.6.2, and R10.7.1.
Vendor Security History
Ivanti's security track record, particularly for products inherited from the MobileIron acquisition, reveals a sustained pattern of critical vulnerabilities. Several have been confirmed as actively exploited in the wild, with CISA adding them to the Known Exploited Vulnerabilities catalog.
| CVE | Product | CVSS | Type | Exploitation Status | Date |
|---|---|---|---|---|---|
| CVE-2023-38035 | Ivanti Sentry | Critical | Authentication Bypass / RCE | Actively Exploited (CISA KEV, Aug 2023) | Aug 2023 |
| CVE-2023-46805 | Ivanti Connect Secure | Critical | Authentication Bypass | Actively Exploited | Early 2024 |
| CVE-2024-21887 | Ivanti Connect Secure | Critical | Command Injection | Actively Exploited | Early 2024 |
| CVE-2025-4428 | Ivanti EPMM | Critical | Unauthenticated RCE | Actively Exploited (China nexus actors) | 2025 |
| CVE-2026-1281 | Ivanti EPMM | 9.8 | Unauthenticated RCE | Actively Exploited (CISA KEV) | Jan 2026 |
| CVE-2026-1340 | Ivanti EPMM | 9.8 | Code Injection / RCE | Actively Exploited | Jan 2026 |
| CVE-2026-6973 | Ivanti EPMM | High | Improper Input Validation | Zero day attacks reported | May 2026 |
| CVE-2026-10520 | Ivanti Sentry | 10.0 | OS Command Injection / Root RCE | Under investigation | Jun 2026 |
The recurrence of CWE-78 OS Command Injection specifically in Sentry across multiple version branches raises questions about whether the codebase's input validation practices have been fundamentally improved since the MobileIron acquisition.
Threat Actor Interest in Ivanti Products
The threat intelligence context for this vulnerability is significant:
China nexus threat actors have been observed exploiting Ivanti EPMM vulnerabilities (CVE-2025-4428) for initial access, as documented by EclecticIQ analysts.
Initial Access Brokers and cryptomining operators targeted the prior Sentry flaw CVE-2023-38035 within days of disclosure. Darktrace documented post exploitation activity that included internal network reconnaissance using Responder for LLMNR poisoning, port scanning with ncat and TxPortMap, and cryptocurrency mining via Kinsing malware and Monero miners.
Rapid weaponization has been the norm for Ivanti EPMM flaws in 2026. Unit42 reported widespread exploitation of CVE-2026-1281 and CVE-2026-1340, with attackers deploying web shells. CVE-2026-6973 was exploited as a zero day before the patch was publicly available.
Indicators of Compromise from Prior Sentry Exploitation
Based on the Darktrace analysis of CVE-2023-38035 exploitation, organizations should monitor for the following patterns that may indicate exploitation of CVE-2026-10520 or similar Sentry flaws:
| Category | Indicator | Description |
|---|---|---|
| Initial Access | Unauthenticated SSL to port 8433/8443 | Connections to System Manager or MICS portal without credentials |
| Payload Delivery | wget/cURL from Sentry appliance | Unexpected outbound HTTP requests using command line tools |
| OOB Testing | Connections to oast.site / oast.live | Interactsh out of band testing service for exploit validation |
| Reconnaissance | 78.128.113[.]130 | Hosted /awp.tar.gz and /resp.tar.gz (Responder tool) |
| Reconnaissance | 45.86.162[.]147, 195.123.240[.]183 | Served ncat and TxPortMap port scanning tools |
| Cryptomining | 140.228.24[.]160, aelix[.]xyz | Mining infrastructure endpoints |
| Cryptomining | pool.supportxmr[.]com, xmr.2miners[.]com | Monero mining pool connections |
| Kinsing Malware | 185.122.204[.]197 (/unk.sh, /se.sh) | Kinsing malware download server |
| Kinsing Malware | 185.221.154[.]208 (/mg, /ki) | Kinsing malware secondary server |
Recommended Compensating Controls
While patches are being staged, the following compensating controls should be applied:
- Network Isolation: Restrict access to Ivanti Sentry management interfaces (ports 8443 and 8433) to trusted administrative networks only. Do not expose these ports to the internet.
- VPN with MFA: If Sentry management must be reached remotely, require VPN access with multi factor authentication before allowing connections to the management portal.
- WAF Rules: Deploy web application firewall rules to block Hessian serialization payloads (
Content-Type: application/x-hessian) targeting the/mics/services/MICSLogServiceendpoint, based on the attack pattern observed in CVE-2023-38035. - Behavioral Monitoring: Monitor for unexpected outbound connections from Sentry appliances, especially to cryptocurrency mining pools, OOB testing domains, and known malware infrastructure.
Given the CVSS 10.0 severity, unauthenticated root access, and the well documented pattern of rapid weaponization of Ivanti vulnerabilities by both state sponsored and criminal threat actors, the probability of imminent exploitation of CVE-2026-10520 is very high. Organizations should treat patching as an emergency priority.
References
- NVD: CVE-2026-10520
- Ivanti Security Advisory: CVE-2026-10520 and CVE-2026-10523
- Synacktiv: Ivanti Sentry / MobileIron Sentry Unauthenticated Remote Code Execution
- Darktrace: Entry via Sentry, Analyzing the Exploitation of a Critical Vulnerability in Ivanti Sentry
- EclecticIQ: China Nexus Threat Actor Actively Exploiting Ivanti EPMM
- Unit42: Critical Vulnerabilities in Ivanti EPMM Exploited
- Help Net Security: Ivanti EPMM Zero Day CVE-2026-6973
- Ivanti: Sentry Secure Mobile Gateway Product Page
- GreyNoise: Active Ivanti Exploitation
- Hive Pro: Ivanti Patches Actively Exploited EPMM Flaws
- Quorum Cyber: Ivanti Discloses Multiple Critical Vulnerabilities
- CISA Known Exploited Vulnerabilities Catalog
- Wikipedia: Ivanti



