CISA has added CVE-2026-10520 in Ivanti Sentry to its Known Exploited Vulnerabilities catalog after reporting signs of exploitation, while Ivanti says the activity was only seen on honeypots. The flaw is a critical unauthenticated OS command injection issue that can lead to remote root code execution, and fixes are available in Ivanti Sentry versions 10.5.2, 10.6.2, and 10.7.1. #CISA #IvantiSentry #CVE-2026-10520
Keypoints
- CISA added CVE-2026-10520 to its KEV catalog.
- Ivanti says the observed activity was limited to honeypots.
- The flaw is a remote, unauthenticated OS command injection bug.
- Successful exploitation could grant root-level code execution.
- Patches are available in Ivanti Sentry 10.5.2, 10.6.2, and 10.7.1.
Read More: https://www.securityweek.com/ivanti-sentry-exploitation-attempts-hitting-honeypots/