Ivanti Sentry Flaw Allows Code Execution as Root

What happened

Ivanti released patches for two critical vulnerabilities in its Sentry secure mobile gateway solution, including a maximum-severity flaw that allows remote attackers to execute code with root privileges.

Ivanti Sentry, formerly known as MobileIron Sentry, is a security gateway appliance that secures traffic between back-end corporate systems and remote mobile devices.

The maximum-severity vulnerability is tracked as CVE-2026-10520 and stems from an OS command injection weakness. The second flaw, tracked as CVE-2026-10523, is a critical authentication bypass that can be exploited remotely by unauthenticated attackers to create rogue administrative accounts and gain full administrative access.

Ivanti patched both issues with the release of Sentry versions R10.5.2, R10.6.2, and R10.7.1.

Ivanti said it has no evidence that the two vulnerabilities are being exploited in the wild at the time of disclosure. The company also said that, because there is no known public exploitation of the vulnerability, it has no basis for providing a list of indicators of compromise.

The company advised administrators to upgrade their systems to protect against potential attacks.

Who is affected

Organizations using Ivanti Sentry are affected, especially those running versions prior to R10.5.2, R10.6.2, or R10.7.1.

Because Ivanti Sentry secures traffic between back-end corporate systems and remote mobile devices, exploitation could expose organizations to significant enterprise risk. CVE-2026-10520 allows remote code execution with root privileges, while CVE-2026-10523 could allow unauthenticated attackers to create rogue administrative accounts and gain full administrative access.

Ivanti said it is not aware of any customers being exploited by these vulnerabilities at the time of disclosure.

Why CISOs should care

These vulnerabilities affect a security gateway appliance positioned between remote mobile devices and back-end corporate systems. That placement makes Ivanti Sentry a high-value target because compromise could give attackers privileged access to infrastructure that protects mobile access into enterprise environments.

The severity of the flaws is also significant. One vulnerability allows remote code execution as root, while the other allows unauthenticated attackers to create rogue administrative accounts and gain full administrative access. Together, these issues create a serious exposure window for organizations that delay patching.

The disclosure also reinforces the need to treat edge and gateway security products as priority patching assets. Even though Ivanti said there is no evidence of exploitation at disclosure, Ivanti vulnerabilities have often been targeted in attacks in recent years because they can provide a path into enterprise networks and sensitive corporate or customer data.

3 practical actions

  1. Upgrade Ivanti Sentry immediately: Ivanti patched the two vulnerabilities in Sentry versions R10.5.2, R10.6.2, and R10.7.1. Administrators should upgrade affected systems to a fixed version to reduce exposure to remote code execution and authentication bypass attacks.
  2. Review administrative accounts for unauthorized changes: CVE-2026-10523 can allow unauthenticated attackers to create rogue administrative accounts and gain full administrative access. Security teams should review administrator account creation, privilege changes, and unexpected access events around Ivanti Sentry systems.
  3. Prioritize edge security appliances in vulnerability management: Ivanti Sentry sits between remote mobile devices and back-end corporate systems. CISOs should ensure security gateways, mobile access appliances, and other externally exposed security tools are tracked, patched quickly, and monitored as high-priority assets.

John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business for professional audiences.