Critical Sentry Vulnerability Enables Root Code Execution

Ivanti Addresses Critical Vulnerabilities in Sentry Secure Mobile Gateway

Leading security software provider Ivanti has taken swift action to patch two critical vulnerabilities in its Sentry secure mobile gateway solution. These vulnerabilities pose significant risks, with one flaw allowing remote attackers to execute code with root privileges.

Formerly known as MobileIron Sentry, Ivanti Sentry plays a crucial role as a security gateway appliance that secures traffic between corporate systems and remote mobile devices.

The most severe vulnerability, tracked as CVE-2026-10520, is attributed to an OS command injection weakness. The second critical vulnerability, identified as CVE-2026-10523, is an authentication bypass flaw that enables unauthenticated attackers to create rogue administrative accounts and gain full administrative access.

Ivanti has promptly addressed both security issues by releasing patches in Sentry versions R10.5.2, R10.6.2, and R10.7.1.

Fortunately, there is no current evidence of these vulnerabilities being exploited in the wild. However, Ivanti advises system administrators to update their systems to safeguard against potential attacks.

Ivanti stated, “We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure. Currently, there is no known public exploitation of this vulnerability that could be used to provide a list of indicators of compromise.”

Over the years, Ivanti vulnerabilities have been targeted in cyber attacks due to their susceptibility to breach enterprise networks and compromise sensitive data.

Recently, the Cybersecurity and Infrastructure Security Agency (CISA) mandated U.S. federal agencies to patch their Ivanti devices following the company’s warning about a high-severity remote code execution vulnerability in Endpoint Manager Mobile (EPMM) that had been exploited in zero-day attacks.

Several other Ivanti zero-day vulnerabilities have been exploited, including critical EPMM vulnerabilities addressed in January after being leveraged in zero-day attacks against a limited number of customers.

CISA has identified 34 vulnerabilities in various SolarWinds products that have been actively exploited in attacks over the years, with 12 of them used in ransomware attacks.

With over 40,000 clients globally and supported by a vast network of partners and employees, Ivanti’s IT asset management solutions play a vital role in securing organizations’ assets.

Security teams detect only 14% of successful attacks, leaving 54% unnoticed. Discover how breach and attack simulation can enhance your detection capabilities in the Picus whitepaper.

Download the whitepaper now to strengthen your security defenses.