News Score: Score the News, Sort the News, Rewrite the Headlines

CVE-2026-10520: Ivanti Sentry Unauthenticated OS Command Injection — How to Find Exposed Instances

JUNE 11, 2026CVSS 10.0 · CRITICAL · ACTIVELY EXPLOITED5 MIN READIvanti Sentry (formerly MobileIron Sentry) contains a pre-authentication OS command injection vulnerability that gives remote attackers root-level code execution. CVSS 10.0, actively exploited in the wild, CISA KEV listed with a 3-day remediation deadline. A public PoC is available from watchTowr Labs. Here's how to find Ivanti Sentry appliances on your network.The VulnerabilityCVE-2026-10520 (CWE-78: OS Command Injection) is a maxi...

Read more at hellorecon.com

© News Score  score the news, sort the news, rewrite the headlines