OS Command Injection RCE in Ivanti Sentry < R10.5.2,R10.6.2,R10.7.1: CVE-2026-10520 June 2026

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution

Vulnerability Analysis

CVE-2026-10520 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

NONE

Scope:

CHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

What is a Shell injection Vulnerability?

The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVE-2026-10520 has been classified to as a Shell injection vulnerability or weakness.

OS Command Injection RCE in Ivanti Sentry < R10.5.2,R10.6.2,R10.7.1
CVE-2026-10520 Published on June 9, 2026

Vulnerability Analysis

Weakness Type

What is a Shell injection Vulnerability?

Affected Versions

OS Command Injection RCE in Ivanti Sentry < R10.5.2,R10.6.2,R10.7.1CVE-2026-10520 Published on June 9, 2026

Vulnerability Analysis

Weakness Type

What is a Shell injection Vulnerability?

Affected Versions

OS Command Injection RCE in Ivanti Sentry < R10.5.2,R10.6.2,R10.7.1
CVE-2026-10520 Published on June 9, 2026