CVE-2026-10520 · CISA KEV · EPSS p99.0%

CVE-2026-10520: Ivanti Sentry OS Command Injection Vulnerability

Ivanti / Sentry

Description

Ivanti Sentry (formerly known as MobileIron Sentry) contains an OS command injection vulnerability which could allow a remote unauthenticated user to achieve root-level remote code execution. This vulnerability can be successfully exploited in cases where the Sentry appliance is in an unmanaged state with its endpoints externally reachable. The use of mTLS with EPMM or restricted HTTPS access through Neurons for MDM makes interfaces inaccessible to external actors.

Scoring

CVSS: 10.0
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 59.52% probability of exploitation · percentile 99.0% · 2026-06-18T12:00:27Z
Last modified: 2026-06-12

CISA KEV entry

Added to KEV: 2026-06-11

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2026-10727
CVE-2026-10523
CVE-2025-22467
CVE-2026-5786
CVE-2026-5788
CVE-2026-8111

Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.