The OS command injection vulnerability CVE-2026-10520 in Ivanti Sentry is actively exploited by attackers; CISA orders patching within 72 hours for federal agencies.
The Sentry vulnerabilities CVE-2026-10523 and CVE-2026-10520 enable unauthenticated attackers to bypass authentication and achieve Remote Code Execution with root privileges, requiring immediate patching to versions 10.5.2, 10.6.2, or 10.7.1.
