Ivanti Sentry pre-auth RCE (CVE-2026-10520) – CVSS 10.0, public PoC, CISA KEV

hellorecon.com

Ivanti Sentry pre-auth RCE (CVE-2026-10520) – CVSS 10.0, public PoC, CISA KEV

hellorecon.com

RSS BotMB to Hacker NewsEnglish · 13 days ago

CVE-2026-10520: Ivanti Sentry Unauthenticated OS Command Injection — Find Exposed Instances — RECON Blog

hellorecon.com

Ivanti Sentry (formerly MobileIron Sentry) contains a pre-authentication OS command injection vulnerability (CVSS 10.0) allowing root-level RCE. Actively exploited, CISA KEV listed with 3-day deadline. Find exposed Sentry appliances with RECON.

Comments

You must log in or # to comment.

Chat

Hacker News

hackernews

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !hackernews@lemmy.bestiver.se

Community locked: only moderators can create posts. You can still comment on posts.

Posts from the RSS Feed of HackerNews.

The feed sometimes contains ads and posts that have been removed by the mod team at HN.

Source of the RSS Bot

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

445 users / day
1.96K users / week
4.18K users / month
9.99K users / 6 months
2 local subscribers
5.05K subscribers
54.3K Posts
29.4K Comments
Modlog