Get the latest tech news

Ivanti Sentry pre-auth RCE (CVE-2026-10520) – CVSS 10.0, public PoC, CISA KEV

Ivanti Sentry (formerly MobileIron Sentry) contains a pre-authentication OS command injection vulnerability (CVSS 10.0) allowing root-level RCE. Actively exploited, CISA KEV listed with 3-day deadline. Find exposed Sentry appliances with RECON.

None

Get the Android app

Or read this on Hacker News

Read more on:

Photo of Ivanti Sentry

Ivanti Sentry

Photo of CVSS

CVSS

Photo of public PoC

public PoC

Related news:

Max severity Ivanti Sentry vulnerability now exploited in attacks

Notepad++ Zero-Click RCE via Path Traversal (CVE-2026-52884)

BadHost – CVE-2026-48710: Starlette Host-Header Auth Bypass

« Shall we play a game? My AI nuclear simulation

PIMCO’s Richard Clarida: AI Now a Major Economic Driver »