Max-Severity Ivanti Flaw Exploited 24 Hours After Disclosure

Threat actors pounced on a critical Ivanti Sentry vulnerability within 24 hours of its disclosure, using a public proof-of-concept (PoC) exploit in attacks.

Ivanti disclosed Tuesday CVE-2026-10520, an OS command injection vulnerability that affects the company's Sentry mobile gateway product prior to versions R10.5.2, R10.6.2 and R10.7.1. The vulnerability, which received a maximum severity CVSS score of 10, enables an unauthenticated attacker to remotely execute code with root privileges.

Ivanti disclosed the flaw along with another Sentry vulnerability, CVE-2026-10523, an authentication bypass flaw with a 9.9 CVSS score. In its security advisory, Ivanti initially said it was unaware of either flaw being exploited in the wild. But the situation apparently changed very quickly for CVE-2026-10520.

Public PoC for CVE-2026-10520 Triggers Exploitation

Cybersecurity vendor WatchTowr yesterday published a technical analysis of the flaw along with a PoC exploit. In a blog post the same day, Rapid7 warned the flaw is easy to weaponize and urged organizations to take immediate action.

"Given the trivial nature of exploitation and the availability of a public PoC, exploitation in-the-wild is likely to begin," Rapid7 researchers wrote. "Organizations running affected versions of Ivanti Sentry should remediate these issues on an urgent basis before exploitation in-the-wild begins."

Sure enough, attackers jumped on CVE-2026-10520 soon after. In a post on social media platform Mastodon, the Shadowserver Foundation said it observed "a large amount of Ivanti Sentry CVE-2026-10520 exploitation attempts based on the public PoC today."

Specifically, Shadowserver spotted 19 vulnerable instances, at least two of which were backdoored. "While our detection is on the lowish side due to multiple Ivanti Sentry instances not reachable in our scans (blocklisted?), if you have not patched now you are most likely compromised," Shadowserver said in the post.

Cybersecurity vendor Defused also picked up exploitation activity in its scans. Simo Kohonen, Defused founder and CEO, tells Dark Reading that attacks have "pretty much been non-stop active after the release of the Watchtowr PoC."
