CVE-2026-10520: Ivanti Sentry's Internal Config API Was Open to the Whole Internet
A perfect 10.0 pre-authenticated OS command injection in Ivanti Sentry lets any unauthenticated attacker execute arbitrary commands as root. Public PoC released June 10, 2026. Patch immediately.
June 11, 2026 | 6 min read | Xentrika Team