CISA gives feds 3 days to patch Ivanti Sentry CVE-2026-10520

Unauthenticated root RCE in Ivanti Sentry. CVSS 10.0. Shadowserver sees exploitation a day after the patch. CISA KEV deadline is June 14.

CISA added CVE-2026-10520 to its Known Exploited Vulnerabilities catalog on June 11, 2026 with a three-day federal patch deadline of June 14, 2026 — the shortest BOD 22-01 SLO CISA has issued to date. The flaw is an unauthenticated OS command injection in the Ivanti Sentry mobile-device gateway (formerly MobileIron Sentry) that yields remote code execution as root. CVSS v3.1 is 10.0. Ivanti shipped fixes in R10.5.2, R10.6.2, and R10.7.1 under advisory SA-2026-0610 on June 9, 2026; Shadowserver observed in-the-wild exploitation against unpatched gateways within 24 hours.

A second flaw in the same advisory, CVE-2026-10523 (CVSS 9.9, authentication-bypass enabling arbitrary administrator account creation), ships in the same hotfix bundle and should be treated as the same patch event.

What the bug does

CVE-2026-10520 lives in the MICS configuration API at /mics/api/v2/sentry/mics-config/handleMessage. The endpoint accepts unauthenticated POSTs and passes user-supplied input directly into OS command execution via Java reflection. CWE-78. No credentials, no user interaction, no preconditions beyond network reachability to the management interface — and management interfaces on Sentry are frequently reachable from the internet because operators expose them to manage EMM/UEM platforms across sites.

Exploitation yields code execution as root on the appliance, which on Sentry means full visibility into the mobile-device-management traffic the gateway proxies: enrolment tokens, certificate material, ActiveSync credentials in flight, and the configuration of every Ivanti EPMM tenant the Sentry serves.

Affected versions

Per Ivanti's advisory:

  • All versions of Ivanti Sentry prior to R10.5.2 on the R10.5.x train.
  • All versions prior to R10.6.2 on the R10.6.x train.
  • All versions prior to R10.7.1 on the R10.7.x train.

Fixed versions are R10.5.2 / R10.6.2 / R10.7.1, released June 9, 2026. CVE-2026-10523 is patched in the same release set.
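The advisory's affected-version list is per release train, so a naive "is my version at least R10.5.2" check gets R10.6.0 and R10.7.0 wrong. The following added example (not Ivanti's code and not part of the original article) encodes the three fixed releases quoted above as a per-train table and triages a constructed inventory of hostnames and version strings; the `R10.x.y` string format and the "unlisted" status for trains the advisory does not name are assumptions.

```python
import re

# Fixed releases from Ivanti advisory SA-2026-0610 as quoted on the page, keyed by train.
FIXED_BY_TRAIN = {
    (10, 5): (10, 5, 2),
    (10, 6): (10, 6, 2),
    (10, 7): (10, 7, 1),
}

# Assumption: Sentry reports versions as "R10.6.1" (leading "R" optional).
_VERSION_RE = re.compile(r"^R?(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """'R10.6.1' or '10.6.1' -> (10, 6, 1); anything else raises ValueError."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Sentry version: {text!r}")
    return tuple(int(g) for g in m.groups())


def assess(text):
    """Classify one version string for CVE-2026-10520 as 'vulnerable', 'fixed' or 'unlisted'."""
    v = parse_version(text)
    fixed = FIXED_BY_TRAIN.get(v[:2])
    if fixed is None:
        # The advisory only names the 10.5 / 10.6 / 10.7 trains; anything else needs
        # vendor confirmation rather than a guess (assumption: treat as unresolved).
        return "unlisted"
    return "fixed" if v >= fixed else "vulnerable"


def triage(inventory):
    """inventory: {hostname: version} -> [(hostname, version, status)], vulnerable hosts first."""
    order = {"vulnerable": 0, "unlisted": 1, "fixed": 2}
    rows = [(host, ver, assess(ver)) for host, ver in inventory.items()]
    return sorted(rows, key=lambda r: (order[r[2]], r[0]))


# Constructed sample inventory; hostnames and versions are made up for the example.
SAMPLE_INVENTORY = {
    "sentry-eu-1": "R10.5.1",
    "sentry-eu-2": "R10.5.2",
    "sentry-us-1": "R10.6.0",
    "sentry-us-2": "10.6.3",
    "sentry-apac-1": "R10.7.0",
    "sentry-lab": "R10.4.9",
}

if __name__ == "__main__":
    for host, ver, status in triage(SAMPLE_INVENTORY):
        print(f"{status:10s} {host:14s} {ver}")
```

Feed it the version column of whatever asset inventory you keep; anything that comes back `vulnerable` goes on the patch list for today, and `unlisted` rows should be confirmed against the vendor advisory rather than assumed safe.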

Exploitation status

Shadowserver Foundation reported scan telemetry against the /mics/api/v2/sentry/mics-config/handleMessage endpoint starting June 10, 2026 — one day after Ivanti's advisory — keyed on payloads matching the public proof of concept. Their published scan summary identified 19 vulnerable internet-reachable instances and 2 already backdoored at the time of the post.

CISA's addition of the CVE to KEV the next day is the authoritative "exploited in the wild" determination here. Ivanti's advisory is more guarded: "Ivanti is aware of exploitation attempts" — vendor framing that, in past Ivanti incidents (e.g., the CVE-2024-22024 / CVE-2024-21887 cluster on Connect Secure), preceded public confirmation of compromised customer environments by days.

A public exploit (attributed to watchtowr Labs) is on GitHub. Operators should assume the PoC is being weaponised as widely as scanning permits.

Action checklist

  1. Patch to R10.5.2, R10.6.2, or R10.7.1 today. This is the CISA federal deadline (June 14); for everyone else it is the patch SLO that public PoC + active scanning demands. Reboot is required; schedule the maintenance window now, not next week.
  2. Get the MICS interface off the public internet. The /mics/api/v2/ admin surface should never have been routable from arbitrary networks. Restrict to a management VLAN and apply ACLs at the upstream firewall. If you cannot identify which Sentry interfaces are exposed, assume all of them are until proven otherwise.
  3. Hunt for compromise on every Sentry that has been internet-reachable since June 9. Two backdoors in 19 scanned instances is a base rate to take seriously. Pull /var/log/messages and the MICS API access logs; look for POSTs to /mics/api/v2/sentry/mics-config/handleMessage with shell-meta payloads, and for unexpected children of the MICS Java process (shell, curl, wget, python).
  4. Patch CVE-2026-10523 at the same time. The auth-bypass admin-creation flaw is in the same advisory and fixed by the same release. If an attacker reached the admin surface via 10520 they can persist via 10523 even after the command-injection path is closed.
  5. Rotate every secret the Sentry handled. Enrolment tokens, MDM-issued certs that touched the appliance, ActiveSync service account credentials, and any local admin credentials configured on Sentry itself. Root on the appliance means everything in memory or on disk should be considered exposed.
  6. Federal civilian agencies: BOD 22-01 deadline is June 14, 2026. Document remediation through CISA's standard reporting flow.
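Step 3 of the checklist asks for two hunts: POSTs to the handleMessage endpoint carrying shell metacharacters, and unexpected children of the MICS Java process. The following added example (not part of the original article and not Ivanti tooling) runs both over constructed sample data. The access-log line layout (`<ip> <timestamp> <METHOD> <path> <status> body=<url-encoded body>`) is an assumption for the example, since the page does not document the real MICS log format; the `ps -eo pid,ppid,comm` layout is standard. Adapt `LOG_RE` to whatever your appliance actually writes.

```python
import re
from urllib.parse import unquote_plus

TARGET_PATH = "/mics/api/v2/sentry/mics-config/handleMessage"

# Shell metacharacters plus the download/interpreter names the checklist calls out.
SHELL_META = re.compile(r"[;|&`]|\$\(|\b(?:curl|wget|python[23]?|/bin/(?:ba)?sh)\b")

# Assumed access-log layout (constructed for this example; not the documented MICS format).
LOG_RE = re.compile(
    r"^(?P<ip>\S+) (?P<ts>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3}) body=(?P<body>.*)$"
)


def triage_line(line):
    """Return a finding dict for POSTs to the vulnerable endpoint, else None."""
    m = LOG_RE.match(line.rstrip("\n"))
    if not m or m["method"] != "POST":
        return None
    if m["path"].split("?", 1)[0] != TARGET_PATH:
        return None
    body = unquote_plus(m["body"])          # decode before matching: payloads arrive URL-encoded
    hit = SHELL_META.search(body)
    return {
        "ip": m["ip"], "ts": m["ts"], "status": m["status"],
        "suspicious": hit is not None,
        "indicator": hit.group(0) if hit else None,
        "body": body,
    }


def hunt(lines):
    """All suspicious handleMessage POSTs in an iterable of access-log lines."""
    return [r for r in map(triage_line, lines) if r and r["suspicious"]]


UNEXPECTED_CHILDREN = {"sh", "bash", "dash", "curl", "wget", "python", "python2", "python3"}


def suspicious_children(ps_lines, parent_comm="java"):
    """PIDs of shell/download/interpreter processes descended from any `java` process.

    ps_lines: output of `ps -eo pid,ppid,comm`, header included. Descendants are
    followed, so `java -> sh -> curl` reports both sh and curl.
    """
    procs = {}
    for line in ps_lines[1:]:
        if not line.strip():
            continue
        pid, ppid, comm = line.split(None, 2)
        procs[int(pid)] = (int(ppid), comm.strip())
    java_pids = {pid for pid, (_, comm) in procs.items() if comm == parent_comm}

    def descends_from_java(pid):
        seen = set()
        while pid in procs and pid not in seen:
            seen.add(pid)
            ppid = procs[pid][0]
            if ppid in java_pids:
                return True
            pid = ppid
        return False

    return sorted(pid for pid, (_, comm) in procs.items()
                  if comm in UNEXPECTED_CHILDREN and descends_from_java(pid))


# Constructed sample data; addresses are documentation ranges, payloads are illustrative.
SAMPLE_LOG = [
    "10.0.0.5 2026-06-10T03:14:07Z GET /mics/api/v2/sentry/status 200 body=",
    "198.51.100.23 2026-06-10T03:15:22Z POST /mics/api/v2/sentry/mics-config/handleMessage 200 body=message=ping",
    "203.0.113.9 2026-06-10T03:16:40Z POST /mics/api/v2/sentry/mics-config/handleMessage 200 body=message%3Dx%3Bid",
    "203.0.113.9 2026-06-10T03:16:41Z POST /mics/api/v2/sentry/mics-config/handleMessage 500 body=message%3D%60whoami%60",
]
SAMPLE_PS = [
    "  PID  PPID COMMAND",
    "    1     0 systemd",
    " 1200     1 java",
    " 1350  1200 sh",
    " 1351  1350 curl",
    " 1400     1 sshd",
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} status={f['status']} indicator={f['indicator']!r} body={f['body']!r}")
    print("suspicious descendants of java:", suspicious_children(SAMPLE_PS))
```

A benign `message=ping` POST produces no finding, so the output is the short list worth a human's time: source IP, timestamp and the decoded body for each hit, plus any shell or downloader living under the Java process. Run the log hunt over the full retention window back to June 9, not just the last day, and treat any hit as an incident-response trigger rather than a curiosity.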

Context

CVE-2026-10520 is the fourth maximum-severity unauthenticated RCE in an Ivanti perimeter appliance in 24 months. It sits in a now-recognisable lineage: CVE-2024-22024 (Connect Secure XXE), CVE-2024-21887 (Connect Secure command injection), CVE-2026-35616 (FortiClient EMS — different vendor, same architectural pattern). The shared shape: a management API on a perimeter box, designed assuming network isolation that no real deployment honours, with input-handling that does not survive contact with an unauthenticated POST.

Sentry's MICS API is a textbook example of the bug class — Java reflection routed from an HTTP endpoint into shell execution, with no auth gate in front of it. The three-day federal deadline is CISA's signal that the agency considers this a wartime-cadence patch, not a routine KEV add. Treat it accordingly: every internet-reachable Ivanti Sentry today is a Tier-0 asset whose patch SLO is measured in hours.

If your organisation runs Ivanti EPMM, Sentry sits in front of it and proxies the device traffic. A compromised Sentry is functionally a compromised MDM. Plan the post-patch hunt and credential rotation now — the patch alone does not close the window the PoC opened.