






















The cause of the flaw has at the time of writing not been shared by the vendor.
CVE-2026-10520: An OS command injection vulnerability that allows a remote unauthenticated attacker to execute arbitrary commands with root privileges on affected devices.
CVE-2026-10523: An authentication bypass vulnerability that allows a remote unauthenticated attacker to create arbitrary administrative accounts and gain full administrative access A proof-of-concept exploit is available to the public[2].
CVE-2026-10520
CVE-2026-10523
Ivanti Sentry versions prior to R10.5.2, R10.6.2 and R10.7.1[1].
At the time of disclosure, Ivanti stated that it was not aware of any customers being exploited by these vulnerabilities[1].
Truesec recommends that if you are effected, upgrade Ivanti Sentry to versions 10.5.2, 10.6.2 and 10.7.1 as soon as possible.
The versions are found here[1]:
10.5.2:
New Sentry Instance: https://support.mobileiron.com/mi/sentry/10.5.2-3/sentry-mobileiron-10.5.2-3.iso
Updating existing Sentry appliance: https://support.mobileiron.com/mi/sentry/10.5.2-3/
10.6.2:
New Sentry Instance: https://support.mobileiron.com/mi/sentry/10.6.2-4/sentry-mobileiron-10.6.2-4.iso
Updating existing Sentry appliance: https://support.mobileiron.com/mi/sentry/10.6.2-4/
10.7.1:
New Sentry Instance: https://support.mobileiron.com/mi/sentry/10.7.1-3/sentry-mobileiron-10.7.1-3.iso
Updating existing Sentry appliance: https://support.mobileiron.com/mi/sentry/10.7.1-3/
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。