CVE-2026-10520

CriticalKnown Exploited

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated…

ivanti·CWE-78·Published 2026-06-09

CVSS

10.0

EPSS

0.60

KEV

Yes

Exploits

cve.orgen

184 chars

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution

NVDen

184 chars

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	10.0	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
3.1	Secondary	NVD	10.0	3.9	6.0	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVE-2026-10520

CVSS metrics across sources