Ivanti tells Sentry customers to patch now as critical bugs hit 10.0 and 9.9

Patches

Ivanti tells Sentry customers to patch now as critical bugs hit 10.0 and 9.9

Remote, unauthenticated RCE with root privileges is about as bad as it gets

It's patch time for Ivanti customers again after the security shop disclosed another two critical vulnerabilities in one of its products.Both bugs affect Ivanti Sentry, a mobile gateway that forms part of its broader unified endpoint management platform.The first and worst of the two is CVE-2026-10520 (10.0), a max-severity vulnerability that allows a remote, unauthenticated attacker to execute code with root privileges.

Flaws that allow root-level code execution without authentication are about as bad as vulnerabilities get, which explains the perfect-10 rating.