Storia in 4 fonti

Ivanti: Max severity Sentry flaw allows code execution as root

Ivanti has patched two critical vulnerabilities in its Sentry secure mobile gateway solution, including a maximum-severity flaw that enables remote attackers to execute code with root privileges.

Raccontata da

Confronto fonti

4 prospettive sulla stessa storia

AI · summaries

bleepingcomputer.comStai leggendo2 g fa

Ivanti: Max severity Sentry flaw allows code execution as root

Ivanti has patched two critical vulnerabilities in its Sentry secure mobile gateway solution, including a maximum-severity flaw that enables remote attackers to execute code with root privileges.

originale

theregister.com2 g fa

Ivanti tells Sentry customers to patch now as critical bugs hit 10.0 and 9.9

Remote, unauthenticated RCE with root privileges is about as bad as it gets

Leggi questa versione → originale

darkreading.com22 h fa

Max-Severity Ivanti Sentry Flaw Exploited Within 24 Hours

CVE-2026-10520 (CVSS 10) in Ivanti Sentry enables unauthenticated RCE with root, exploited within 24h of PoC release. The gateway appliance controls enterprise device access; compromised credentials enable lateral movement. Sophisticated threat actors had Ivanti's landscape pre-mapped.

Leggi questa versione → originale

securityweek.com8 h fa

Ivanti Sentry Exploitation Attempts Hitting Honeypots

CISA flagged CVE-2026-10520 (CVSS 10/10) in Ivanti Sentry as exploited; Ivanti reports honeypot-only attacks. Risk is minimal unless port 8443 is internet-exposed; mTLS or restricted access negates the threat—misconfiguration is the real vulnerability.

Leggi questa versione → originale

Timeline cronologica

mercoledì 10 giugno 2026·bleepingcomputer.com
Ivanti: Max severity Sentry flaw allows code execution as root
Ivanti has patched two critical vulnerabilities in its Sentry secure mobile gateway solution, including a maximum-severity flaw that enables remote attackers to execute code with…
mercoledì 10 giugno 2026·theregister.com
Ivanti tells Sentry customers to patch now as critical bugs hit 10.0 and 9.9
Remote, unauthenticated RCE with root privileges is about as bad as it gets
giovedì 11 giugno 2026·darkreading.com
Max-Severity Ivanti Sentry Flaw Exploited Within 24 Hours
Initial methods suggest attackers had likely mapped out Ivanti's asset landscape upfront and acted quickly once the exploit became public.
venerdì 12 giugno 2026·securityweek.com
Ivanti Sentry Exploitation Attempts Hitting Honeypots
CVE-2026-10520, a critical-severity vulnerability in Ivanti Sentry, was flagged as exploited based on activity observed on honeypots.