This vulnerability can be successfully exploited in cases where the Sentry appliance is in an unmanaged state with its endpoints externally reachable. The use of mTLS with EPMM or restricted HTTPS access through Neurons for MDM makes interfaces inaccessible to external actors. It is important for customers to know that exploitation of CVE-2026-10520 requires access to the management port (8443). Management interfaces should never be exposed to the internet, though honeypots often have misconfigurations to identify malicious behavior. The risk it poses is significantly decreased based on deployment and configuration.
| Vendor | Product | Versions |
|---|---|---|
| ivanti | standalone_sentry | 10.5.1, 10.6.1, 10.7.0 |
Downstream vendors/products affected by this vulnerability
| Vendor | Product | Source | Confidence |
|---|---|---|---|
| ivanti | sentry | cert_advisory | 90% |
Updated description with detailed exploitation conditions and added new tags related to CISA's KEV catalog.
Added affected versions 10.5.1, 10.6.1, and 10.7.0, and updated patch available to 10.5.2.
Added detailed description of Ivanti Sentry's functionality and included new tag related to state-sponsored cyberespionage.
Updated 'activelyExploited' to false, set 'patchAvailable' to null, and added new tag 'remote code execution'.
Added a detailed description including an example HTTP request and updated affected versions and patch availability.
Updated affected versions to include 10.7.0, 10.6.1, and 10.5.1, added new patch versions, provided a detailed technical description, and included a new IOC for the vulnerable endpoint.
Updated description with additional context about Ivanti Sentry and confirmed patched versions.
Updated actively exploited status to true based on new article information.
Updated affected versions to R10.5.1, R10.6.1, R10.7.0 and corrected exploit availability to false.
Initial creation
