
[CIVN-2026-0363] Multiple Vulnerabilities in Ivanti Sentry
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
Multiple Vulnerabilities in Ivanti Sentry
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: CRITICAL
Software Affected
Ivanti Sentry 10.5.x versions prior to 10.5.2
Ivanti Sentry 10.6.x versions prior to 10.6.2
Ivanti Sentry 10.7.x versions prior to 10.7.1
Overview
Multiple vulnerabilities have been reported in Ivanti Sentry, which could allow a remote unauthenticated attacker to execute arbitrary code with root privileges, bypass authentication, create arbitrary administrative accounts, and gain full administrative access on the targeted system.
Target Audience:
IT administrators, security administrators, network administrators, and organizations using Ivanti Sentry.
Risk Assessment:
Critical risk of complete system compromise, unauthorized administrative access, and execution of arbitrary commands.
Impact Assessment:
Potential for complete system compromise, unauthorized administrative access, and arbitrary code execution with root privileges.
Description
Ivanti Sentry, formerly known as MobileIron Sentry, is an in-line gateway that manages, encrypts, and secures traffic between mobile devices and backend enterprise systems.
Multiple critical vulnerabilities have been reported in Ivanti Sentry due to improper neutralization of special elements used in an operating system command and authentication bypass using an alternate path or channel.
Successful exploitation of these vulnerabilities could allow a remote unauthenticated attacker to execute arbitrary code with root privileges, bypass authentication, create arbitrary administrative accounts, and gain full administrative access on the targeted system.
Note: CVE-2026-10520 is being actively exploited in the wild.
Solution
Upgrade to Ivanti Sentry versions 10.5.2, 10.6.2 or 10.7.1, as applicable, by applying the security updates provided by Ivanti immediately:
https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2026-10520-CVE-2026-10523?language=en_US
Vendor Information
Ivanti
https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2026-10520-CVE-2026-10523?language=en_US
References
https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2026-10520-CVE-2026-10523?language=en_US
CVE Name
CVE-2026-10520
CVE-2026-10523
– —
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmpWSEQACgkQ3jCgcSdc
ys+r1A/9GkMeU9VlQU0TZlZYSaAa7TPyhaS2d9ogLiBKHMY1yx35y6pmSIeMDF7Z
NwWcDhWFt28mEkUsnd1Th9damJV90aZgs3rDteQZUQWgaODbR1Zwz+7S0Oo9MrOa
oW+T6npEQu1k+99qH8FzYWjHlcU1/1EWHc0atfmT95JjHW51aTTNeyBYchmnQTpK
3MgrxAOnsVYnIYOWrA3WwZcokTmyL2knS1N6DKAhrU8pol24kwNPD3InETn3JxRn
nsDzVqYSvNgwioUB+FD59ZOSM0nzEZy8v2ISPkXR2yjExyY2tzwYYbPSxscTie42
3rGkiB3CH3N5DYbB/7MsDo3IOZeT3fhU7GyM8sOyOfNXYCAP6OcQvyqhqSDveOT7
galpz1r7RRefSek9tYpDNXfEwQpoJ2eeYcf7wIGGw7a2HXq2DqXsjZv+xPstmuPj
y/+hUx3t7hE5QpPS6BIlXuuSIPuj92izeZ2LU59saw+Kghi3Fmy25CJLDavkyPaT
6PSqhLytVnn88JeYHVnDb0dcbTcIB88qZYfEcl4TAg5sOOKa7vwHSEtj0rDiHz/H
rdxAwCbPlDmrzp7Em9MDq2lof3oSxZpptnRJRlbSO5Ig1FITFJ5k6ChxS9thp/S8
VeuyDYWhmSZ87x9O4B5YySZALxTGcLX2r7HQHwg1yVgbq0oMvFk=
=8QHb
—–END PGP SIGNATURE—–


