Storia in 4 fonti

Max severity Ivanti Sentry vulnerability now exploited in attacks

Attackers are now targeting a recently patched maximum-severity flaw in Ivanti Sentry, enabling them to execute code with root privileges on Internet-exposed secure mobile gateways.

Raccontata dableepingcomputer.comtheregister.comdarkreading.comsecurityweek.com

Confronto fonti

4 prospettive sulla stessa storia

AI · summaries

darkreading.com8 g fa

Max-Severity Ivanti Sentry Flaw Exploited Within 24 Hours

CVE-2026-10520 (CVSS 10) in Ivanti Sentry enables unauthenticated RCE with root, exploited within 24h of PoC release. The gateway appliance controls enterprise device access; compromised credentials enable lateral movement. Sophisticated threat actors had Ivanti's landscape pre-mapped.

Leggi questa versione → originale

theregister.com10 g fa

Ivanti tells Sentry customers to patch now as critical bugs hit 10.0 and 9.9

Remote, unauthenticated RCE with root privileges is about as bad as it gets

Leggi questa versione → originale

securityweek.com8 g fa

Ivanti Sentry Exploitation Attempts Hitting Honeypots

CISA flagged CVE-2026-10520 (CVSS 10/10) in Ivanti Sentry as exploited; Ivanti reports honeypot-only attacks. Risk is minimal unless port 8443 is internet-exposed; mTLS or restricted access negates the threat—misconfiguration is the real vulnerability.

Leggi questa versione → originale

bleepingcomputer.com8 g fa

CISA orders feds to patch actively exploited Ivanti flaw by Sunday

CISA mandated a 3-day patch for CVE-2026-10520, an OS command injection in Ivanti Sentry gateways, which is actively exploited. Unpatched systems are likely already compromised—this poses an immediate threat to network security for any organization using these appliances.

Leggi questa versione → originale

Timeline cronologica

1. mercoledì 10 giugno 2026·bleepingcomputer.com
   

   Ivanti: Max severity Sentry flaw allows code execution as root

   Ivanti has patched two critical vulnerabilities in its Sentry secure mobile gateway solution, including a maximum-severity flaw that enables remote attackers to execute code with…

2. mercoledì 10 giugno 2026·theregister.com
   

   Ivanti tells Sentry customers to patch now as critical bugs hit 10.0 and 9.9

   Remote, unauthenticated RCE with root privileges is about as bad as it gets

3. giovedì 11 giugno 2026·bleepingcomputer.com
   

   Max severity Ivanti Sentry vulnerability now exploited in attacks

   Attackers are now targeting a recently patched maximum-severity flaw in Ivanti Sentry, enabling them to execute code with root privileges on Internet-exposed secure mobile…

4. giovedì 11 giugno 2026·darkreading.com
   

   Max-Severity Ivanti Sentry Flaw Exploited Within 24 Hours

   Initial methods suggest attackers had likely mapped out Ivanti's asset landscape upfront and acted quickly once the exploit became public.

5. venerdì 12 giugno 2026·bleepingcomputer.com
   

   CISA orders feds to patch actively exploited Ivanti flaw by Sunday

   The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch an actively exploited Ivanti Sentry flaw within three days, as mandated by…

6. venerdì 12 giugno 2026·securityweek.com
   

   Ivanti Sentry Exploitation Attempts Hitting Honeypots

   CVE-2026-10520, a critical-severity vulnerability in Ivanti Sentry, was flagged as exploited based on activity observed on honeypots.