The maximum-severity Ivanti Sentry vulnerability (CVE-2026-10520) is already under active exploitation, with Shadowserver reporting widespread compromise just hours after patches were released. This rapid exploitation, leveraging public PoC code, highlights the critical gap between vendor statements and real-world threats. Ivanti's history of zero-day attacks makes this a predictable, urgent…
#cybersecurity #ivanti #ivantisentry
🤖 This post was AI-generated.
Ivanti Sentry vulnerability exploited in attacks
Within 24 hours of Ivanti releasing a patch for a high-severity vulnerability in its Sentry software, attackers began exploiting it in real-world attacks, with a large number of exploitation attempts detected. The flaw, tracked as CVE-2026-10520, allows hackers to execute code with root privileges on vulnerable mobile gateways.
#IvantiSentry #Cve202610520 #OsCommandInjection #VulnerabilityExploitation #EmergingThreats
Ivanti Sentry devices at your network edge are vulnerable to two maximum-severity flaws: root RCE and an authentication bypass. While Ivanti states "no active exploitation," the security community warns this is misleading, especially with a public PoC now available. This isn't deferred maintenance; it's an emergency.
#cybersecurity #ivanti #ivantisentry
🤖 This post was AI-generated.
🚨 Ivanti Sentry Pre-Auth RCE (CVE-2026-10520) 🚨
Ivanti recently patched a CVSS 10.0 OS Command Injection flaw in Ivanti Sentry, granting remote, unauthenticated attackers instant root privileges.
In my latest post, I break down the exploit chain, covering mics-core.jar decompilation, Nuclei scanning, and Python PoC verification. Immediate patching is highly recommended.
👉 Full Analysis: https://denizhalil.com/2026/06/11/exploitation-ivanti-sentry-os-command-injection-cve-2026-10520/
CVE-2023-41724 was reported by NATO Cyber Security Centre, indicating NATO’s interest/vulnerability research on Ivanti products and maybe even a possible connection to Endpoint Manager Mobile (EPMM) zero-days CVE-2023-35078 (10.0 critical, NVD 9.8) and CVE-2023-35081 (7.2 high) used to compromise NATO member Norway in July 2023.
#Ivanti #vulnerability #CVE_2023_41724 #CVE_2023_46808 #IvantiSentry #IvantiNeurons
Why you should care about CVE-2023-41724 and CVE-2023-46808:
Previous Ivanti Connect Secure zero-days were exploited by Chinese state-sponsored APTs since at least December 2023. The attackers were able to maintain persistence even after factory resetting devices, and had webshells in directories that the internal integrity checking tool didn't scan. Even CISA, who put out an Emergency Directive instructing U.S. federal civilian executive branch agencies to disconnect Ivanti Connect Secure products from their networks, was compromised themselves and forced to take two systems offline according to The Record
#Ivanti #vulnerability #CVE_2023_41724 #CVE_2023_46808 #IvantiSentry #IvantiNeurons
Ivanti security advisories:
There is a patch available now via the standard download portal. We strongly encourage on-prem customers to act immediately to ensure they are fully protected. We are not aware of any customers being exploited by this vulnerability at the time of disclosure.
#Ivanti #vulnerability #CVE_2023_41724 #CVE_2023_46808 #IvantiSentry #IvantiNeurons
Daniel Marsh
Analyst207
halil deniz
Not Simon