Attackers are actively exploiting CVE-2026-10520, a maximum-severity Ivanti Sentry OS command injection flaw that can grant root code execution on Internet-exposed gateways. Shadowserver says many exposed devices may already be backdoored, even though Ivanti initially reported no evidence of in-the-wild exploitation.
Key points
- Ivanti Sentry is vulnerable to a maximum-severity command injection flaw tracked as CVE-2026-10520.
- The bug can let attackers execute code with root privileges on exposed gateways.
- Ivanti released fixes in Sentry versions R10.5.2, R10.6.2, and R10.7.1.
- Shadowserver reported widespread exploitation and possible backdooring of exposed instances.
- CISA and other security teams continue to flag Ivanti products as frequent targets in real-world attacks.