Ivanti: >> Standalone Sentry Security Vulnerabilities
CVE-2026-10520
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution
Known exploited
CVSS Score
10.0
EPSS Score
0.595
Published
2026-06-09
Insecure permissions in Ivanti Sentry before versions 9.20.2 and 10.0.2 or 10.1.0 allow a local authenticated attacker to modify sensitive application components.
CVSS Score
8.8
EPSS Score
0.002
Published
2024-12-10
A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network.
CVSS Score
9.6
EPSS Score
0.128
Published
2024-03-31