Ivanti patches critical remote code execution flaws in Sentry secure mobile gateway

AI-Generated Summary

2 sources

23 hours ago

1 views

Ivanti patches critical remote code execution flaws in Sentry secure mobile gateway

Key Points

Ivanti releases patches for two critical vulnerabilities in its Ivanti Sentry product: CVE-2026-10520 and CVE-2026-10523.
CVE-2026-10520 is described as enabling remote code execution with root-level privileges.
Reporting states the vulnerabilities are not known to be actively exploited at this time.
Technical details for CVE-2026-10520 have been published by security researchers, which could help attackers build exploits.
Ivanti urges customers to install the fixes promptly.

Ivanti has released patches for two critical vulnerabilities affecting its Sentry secure mobile gateway. The issues include CVE-2026-10520, described as a maximum-severity problem that can allow a remote attacker to execute code with root privileges, resulting in root-level compromise. Ivanti also fixes a second critical flaw, CVE-2026-10523. According to reporting from multiple outlets, Ivanti urges customers to apply the updates promptly.

While the vulnerabilities are not reported as being actively exploited in the wild, security researchers have already published technical details for at least one of the flaws (CVE-2026-10520). Those details may enable attackers to develop or refine a working exploit. The publications characterize Ivanti Sentry as a security gateway used to manage and protect mobile device connections outside of internal networks, positioning the product as a potential target for adversaries seeking unauthorized access.

Overall, the coverage focuses on the critical severity of both flaws, Ivanti’s mitigation through patched releases, and the risk that publicly available technical information could reduce barriers for exploitation.

How Outlets Covered This Story

HEL

Help Net Security

Critical Ivanti Sentry flaw allows root-level remote code execution (CVE-2026-10520)

Ivanti has patched two critical vulnerabilities (CVE-2026-10520 and CVE-2026-10523) in Ivanti Sentry and has urged customers to implement the fix right away. Though the vulnerabilities are not known to be actively exploited, security researchers have already released technical details about the former, which may be used by attackers to craft a working exploit. About Ivanty Sentry and the vulnerabilities Ivanti Sentry is a security gateway that acts as a gatekeeper between mobile devices outside of … More → The post Critical Ivanti Sentry flaw allows root-level remote code execution (CVE-2026-10520) appeared first on Help Net Security.

17 hours ago

BLE

Bleeping Computer

Ivanti: Max severity Sentry flaw allows code execution as root

Ivanti has patched two critical vulnerabilities in its Sentry secure mobile gateway solution, including a maximum-severity flaw that enables remote attackers to execute code with root privileges. [...]

1 day ago

We use cookies

This website uses cookies in order to enhance the overall user experience.

Take a look at our Cookies Policy for more information.

Ivanti patches critical remote code execution flaws in Sentry secure mobile gateway

Second night of unrest in Northern Ireland as rioters attack police in Co Antrim

Australia falls to a 3-0 defeat against Bangladesh in Mirpur

New Sydney airport firefighting station readied ahead of cargo flights