CVE-2026-10520

Ivanti Sentry OS Command Injection Vulnerability

Added to CISA KEV: 2026-06-11

By FixTheVuln Team Sources: CISA KEV Catalog, NVD
CVSS N/A — UNKNOWN ACTIVE
OWASP: A03 CWE-78

Description

Ivanti Sentry (formerly known as MobileIron Sentry) contains an OS command injection vulnerability which could allow...

Required Action

Fix: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.

References

Assess Your Risk

Use the CVSS Calculator to evaluate how this vulnerability affects your specific environment. Consider your network exposure, existing mitigations, and asset criticality.

Frequently Asked Questions

What is CVE-2026-10520?

CVE-2026-10520 (Ivanti Sentry OS Command Injection Vulnerability) is a vulnerability with a CVSS score of N/A (UNKNOWN). Ivanti Sentry (formerly known as MobileIron Sentry) contains an OS command injection vulnerability which could allow...

How do I fix CVE-2026-10520?

Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.

How severe is CVE-2026-10520?

CVE-2026-10520 has a CVSS score of N/A, classified as UNKNOWN. This vulnerability is in the CISA Known Exploited Vulnerabilities (KEV) catalog, meaning it has been actively exploited in the wild.

Free Security Tools

CVSS Calculator Security+ Practice Quiz Password Strength Checker

FixTheVuln Store

Stay Ahead of Vulnerabilities

Structured study planners for 60+ security certifications. Master vulnerability management with domain trackers and exam strategies.

Shop Security+ Planner

CyberFolio

Vulnerability management on your resume? Prove it.

Build a shareable cybersecurity portfolio that highlights your certifications, projects, and skills — free.

Build Your Portfolio →
← Back to Home ← All CVEs