Vulnerability: Pre-Auth OS Command Injection in Ivanti Sentry
Severity: CVSS 10.0 Critical (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:C)
Status: Actively exploited in the wild — CISA KEV listed June 11, 2026
Remediation Deadline: June 14, 2026 (3-day CISA KEV deadline)
Public PoC: Available from watchTowr Labs
Affected Versions: R10.5.x, R10.6.x, R10.7.x (before R10.5.2, R10.6.2, R10.7.1)
Fixed Versions: R10.5.2, R10.6.2, R10.7.1 — Ivanti Advisory
A pre-authentication OS command injection vulnerability in Ivanti Sentry allows remote, unauthenticated attackers to achieve root-level code execution on unpatched appliances. The flaw, tracked as CVE-2026-10520 (CWE-78: OS Command Injection), carries a CVSS 10.0 score — the maximum available — and has been observed being exploited in active attacks.
The vulnerability exists in Ivanti Sentry's MICS configuration API. The /mics/api/v2/sentry/mics-config/handleMessage endpoint accepts unauthenticated POST requests and passes user-supplied input directly into OS command execution via Java reflection, with no credentials or user interaction required. The attack is straightforward: a single crafted POST request with a malicious message parameter can trigger command execution as root. The response includes the command output, providing immediate feedback to the attacker. watchTowr Labs has published a public proof-of-concept.
What Is Ivanti Sentry?
Ivanti Sentry (formerly MobileIron Sentry) is an in-line gateway that manages, encrypts, and secures traffic between mobile devices and backend enterprise systems. It typically sits in the DMZ controlling ActiveSync email traffic and enforcing device-level access decisions for Microsoft Exchange, working alongside Ivanti Endpoint Manager Mobile (EPMM). Compromising Sentry gives an attacker a pivot point into email servers, internal applications, and the broader enterprise network.
Related: CVE-2026-10523 Authentication Bypass
The same Ivanti advisory covers CVE-2026-10523 (CVSS 9.9) — a separate authentication bypass that allows remote unauthenticated attackers to create arbitrary administrative accounts and gain full admin access to the Sentry appliance. Both vulnerabilities share the same patch timeline and should be treated as a single urgent remediation cluster.
Exposure and Impact
The /mics/api/v2/sentry/mics-config/handleMessage endpoint is internet-facing on default Ivanti Sentry deployments, making direct exploitation trivial for any attacker with network access. Organizations running unpatched versions of Ivanti Sentry (R10.5.x before R10.5.2, R10.6.x before R10.6.2, R10.7.x before R10.7.1) should treat this as an active breach scenario and apply the vendor patches immediately.
The 3-day CISA KEV remediation deadline of June 14, 2026 reflects the urgency: CISA has assessed this vulnerability as being actively exploited in the wild. Any internet-exposed Ivanti Sentry instance should be patched or taken offline until a patch can be applied.
Mitigation
Apply Ivanti Sentry patches R10.5.2, R10.6.2, or R10.7.1 per the Ivanti advisory. Until patching is complete, organizations should consider whether their Sentry instances are directly internet-accessible and take steps to restrict exposure. The standard hardening guidance for MDM gateways — minimal external attack surface, strict firewall rules on management interfaces, and monitoring for Indicators of Compromise — applies here as well.
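An added example, not from Ivanti, CISA or watchTowr: a triage script for the Indicator of Compromise monitoring mentioned above, flagging requests to the handleMessage endpoint in web access logs. It assumes combined-log-format lines from a proxy or load balancer in front of Sentry; the sample lines, IP addresses and the "POST answered 2xx first" ranking are constructed for illustration.

```python
import re
from collections import defaultdict
from posixpath import normpath
from urllib.parse import unquote

# Endpoint path as named in the write-up above, lower-cased for comparison.
ENDPOINT = "/mics/api/v2/sentry/mics-config/handlemessage"

# Assumption: combined log format written by a proxy in front of Sentry.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def canonical_path(target):
    """Normalise a logged request target so re-encoded paths still match."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    for _ in range(2):                      # decode twice: %252f -> %2f -> /
        path = unquote(path)
    path = "/".join(seg.split(";", 1)[0] for seg in path.split("/"))
    path = re.sub(r"/{2,}", "/", "/" + path)  # collapse duplicate slashes
    return normpath(path).lower()           # resolve ./ and ../ segments

def find_hits(lines):
    """Return {source_ip: [(timestamp, method, status), ...]} for the endpoint."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if m and canonical_path(m["target"]) == ENDPOINT:
            hits[m["ip"]].append((m["ts"], m["method"], int(m["status"])))
    return dict(hits)

def triage(hits):
    """Rank sources as (ip, requests, POSTs answered 2xx), most urgent first."""
    rows = []
    for ip, events in hits.items():
        post_ok = sum(1 for _, meth, st in events
                      if meth == "POST" and 200 <= st < 300)
        rows.append((ip, len(events), post_ok))
    return sorted(rows, key=lambda r: (-r[2], -r[1], r[0]))

# Constructed sample lines (documentation IP ranges, no real traffic).
SAMPLE = [
    '198.51.100.7 - - [12/Jun/2026:03:14:07 +0000] "POST /mics/api/v2/sentry/mics-config/handleMessage HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.7 - - [12/Jun/2026:03:14:09 +0000] "POST //mics/api/v2/sentry/./mics-config%2FhandleMessage?x=1 HTTP/1.1" 200 87 "-" "-"',
    '203.0.113.20 - - [12/Jun/2026:04:00:00 +0000] "GET /mics/api/v2/sentry/mics-config/handleMessage HTTP/1.1" 405 0 "-" "-"',
    '192.0.2.10 - - [12/Jun/2026:04:01:00 +0000] "GET /healthcheck HTTP/1.1" 200 1024 "-" "-"',
]

if __name__ == "__main__":
    for ip, total, post_ok in triage(find_hits(SAMPLE)):
        print(f"{ip}: {total} request(s) to handleMessage, {post_ok} POST(s) answered 2xx")
```

Any source listed here on an appliance that was running an affected version warrants host-level review, since the endpoint requires no credentials.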
This story will be updated as more information becomes available from NVD, CISA, and Ivanti.