HIGHVulnerability
Verified
Global

CISA KEV: Ivanti Sentry — Ivanti Sentry OS Command Injection Vulnerability

·Source: CISA KEV

Updated:

Executive Summary

Ivanti Sentry (formerly known as MobileIron Sentry) contains an OS command injection vulnerability which could allow a remote unauthenticated user to achieve root-level remote code execution.

Analysis

Ivanti Sentry (formerly known as MobileIron Sentry) contains an OS command injection vulnerability which could allow a remote unauthenticated user to achieve root-level remote code execution. Added to CISA Known Exploited Vulnerabilities catalog on 2026-06-11. Remediation due: 2026-06-14.

Indicators of Compromise (1)

CVE (1)
CVE-2026-10520
NVDMITRE CVE
Source Attribution

Originally published by CISA KEV on Jun 11, 2026. Verified by: CISA.

Related Threats

MEDIUMVulnerability

Over 73,000 French govt employees affected in Tchap messenger breach

The French government revealed that a recent breach of its Tchap encrypted messaging platform affects the accounts of over 73,000 employees in the French public sector. [...]

BleepingComputer
MEDIUMVulnerability

Canada's Koho hits unicorn status and targets banking license

Canadian fintech Koho has raised C$130 million at a C$1.33 billion valuation, providing it with the initial capital base it needs in its pursuit of a federal banking license.

Finextra
MEDIUMVulnerability

Digital Asset raises $355m to make Canton the onchain infrastructure for capital markets

A host of financial services giants, including BNP Paribas, Coinbase and HSBC, have joined a $355 million funding round for Digital Asset, the firm behind the Canton Network public, permissionless blockchain purpose-built for institutional finance.

Finextra