Critical · CISA KEV · Exploited in the wild · Public exploit

Ivanti Sentry Pre-Auth OS Command Injection RCE

Identifiers: CVE-2026-10520; CWE-78 (Improper Neutralization of Special…)

CVE-2026-10520 is a critical OS command injection vulnerability in Ivanti Sentry (formerly MobileIron Sentry) affecting versions prior to R10.5.2, R10.6.2, and R10.7.1. The flaw allows a remote, unauthenticated attacker to supply crafted input that is passed unsanitized into a system-level command, resulting in operating system command execution as root. Public reporting indicates the vulnerable code path is in the Sentry web application's ConfigServiceController and is reachable via a POST request to the unauthenticated endpoint /mics/api/v2/sentry/mics-config/handleMessage. The issue is described as pre-authentication and network-reachable, with no user interaction required.


ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation results in root-level remote code execution on the affected Ivanti Sentry appliance. Because Sentry commonly operates as a secure mobile gateway between external mobile devices and internal enterprise services, compromise can give an attacker control of the appliance, access to stored credentials and configuration data, theft of session material, user impersonation opportunities, weakening or modification of security controls, deployment of backdoors, and potential pivoting into backend corporate systems and internal applications. Multiple sources report that exploitation has been observed in the wild and that some exposed instances were found backdoored.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, remove or strictly restrict external access to the Sentry management/interface endpoints, especially unauthenticated exposure of the vulnerable web endpoint. Reporting indicates exploitation succeeds when these endpoints are externally reachable and notes that management interfaces should not be exposed to the internet. Managed Sentry instances protected by EPMM mTLS were reported as protected in that configuration. Organizations should isolate affected appliances, monitor for exploitation attempts and unauthorized changes, and treat unpatched internet-exposed instances as potentially compromised until validated otherwise.
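The monitoring step above needs something concrete to look for. The script below is an added example written for this page, not tooling from Mallory or Ivanti: it scans access-log lines for requests to the vulnerable handleMessage endpoint, flags POST bodies that carry the commandexec message structure the public PoCs send, and ranks hits using the same status-code reading the public checkers use (HTTP 200 as the success signal, 401/403 as likely auth-gated). The log format, the `body="..."` field, and all sample lines are constructed assumptions; adapt the regex to whatever your reverse proxy or WAF actually records.

```python
import re
from urllib.parse import unquote_plus

# Vulnerable endpoint named in the advisory text above.
VULN_PATH = "/mics/api/v2/sentry/mics-config/handleMessage"
# Markers of the command-execution message structure the public tooling sends.
PAYLOAD_MARKERS = ("commandexec", "<reqandres>")

# Assumed log shape (not from the page): combined-style access log with an
# optional body="..." field appended by a reverse proxy or WAF that logs
# request bodies. Adjust the regex to your own log format.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
    r'(?: body="(?P<body>[^"]*)")?'
)


def classify(line):
    """Return (severity, reason) for a line touching the vulnerable endpoint, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = m.group("path").split("?", 1)[0].rstrip("/")
    if path != VULN_PATH:
        return None
    method, status = m.group("method"), int(m.group("status"))
    # Decode form encoding so %3Ccommandexec%3E and <commandexec> both match.
    body = unquote_plus(m.group("body") or "")
    if method == "POST" and any(marker in body for marker in PAYLOAD_MARKERS):
        # The page reports HTTP 200 plus output markers as the exploit's success
        # signal, so a 200 gets top priority; other codes still mean an exploit
        # payload was sent at the appliance.
        severity = "high" if status == 200 else "medium"
        return severity, "command-execution payload to handleMessage (HTTP %d)" % status
    if status in (401, 403):
        # Public checkers treat 401/403 as likely patched or auth-gated.
        return "low", "handleMessage request was auth-gated (HTTP %d)" % status
    return "medium", "%s to handleMessage without known payload markers (HTTP %d)" % (method, status)


def hunt(lines):
    """Run classify() over a log and return [(line_no, severity, reason)] for every hit."""
    hits = []
    for number, line in enumerate(lines, start=1):
        result = classify(line)
        if result:
            hits.append((number, result[0], result[1]))
    return hits


# Constructed sample log lines (not real traffic). The first carries the
# form-encoded 'id' command message the public PoCs send by default.
SAMPLE_LOG = [
    '203.0.113.7 - - [09/Jun/2026:10:01:02 +0000] "POST /mics/api/v2/sentry/mics-config/handleMessage HTTP/1.1" 200 512 '
    'body="message=execute+system+%2Fconfiguration%2Fsystem%2Fcommandexec+%3Ccommandexec%3E%3Cindex%3E1%3C%2Findex%3E%3Creqandres%3Eid%3C%2Freqandres%3E%3C%2Fcommandexec%3E"',
    '198.51.100.4 - - [09/Jun/2026:10:05:41 +0000] "POST /mics/api/v2/sentry/mics-config/handleMessage HTTP/1.1" 401 0 '
    'body="message=execute+system+%2Fconfiguration%2Fsystem%2Fcommandexec+%3Ccommandexec%3E%3Creqandres%3Eid%3C%2Freqandres%3E%3C%2Fcommandexec%3E"',
    '192.0.2.9 - - [09/Jun/2026:10:07:13 +0000] "GET /mics/api/v2/sentry/mics-config/handleMessage HTTP/1.1" 403 0',
    '192.0.2.9 - - [09/Jun/2026:10:07:15 +0000] "POST /mics/login HTTP/1.1" 200 2048 body="user=admin"',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for number, severity, reason in hunt(SAMPLE_LOG):
        print("line %d [%s] %s" % (number, severity, reason))
```

Any POST to this path from outside the management network is worth a ticket even without the payload markers, which is why unmarked requests still score medium; only auth-gated responses drop to low. If your proxy does not log bodies, the endpoint match alone still works as the first-pass filter.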

Remediation

Patch, then assume compromise.

Upgrade Ivanti Sentry to a fixed release: R10.5.2, R10.6.2, or R10.7.1, or later vendor-provided fixed versions. Apply Ivanti's security advisory guidance and perform post-patch compromise assessment on previously exposed systems, since reporting indicates active exploitation and backdoored internet-exposed instances. Where compromise is suspected, incident response actions should include integrity review of the appliance, removal of persistence, credential rotation, and review of logs and administrative state.
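
The fixed releases are per maintenance branch, which is the detail inventory scripts usually get wrong: R10.6.1 is numerically above R10.5.2 but is still unpatched. The script below is an added example written for this page (not Ivanti's or Mallory's code) that applies the branch-aware comparison to an inventory and orders hosts by the page's own priorities, putting vulnerable internet-exposed appliances first with the compromise-assessment requirement attached. The hostnames and versions in the sample inventory are constructed, and the handling of branches older or newer than the three the page lists is a labelled assumption.

```python
import re

# Fixed releases named in the remediation text: each maintenance branch has its
# own fix, so a plain numeric comparison against the lowest fixed release is
# wrong (R10.6.1 is newer than R10.5.2 yet still vulnerable).
FIXED_BY_BRANCH = {
    (10, 5): (10, 5, 2),
    (10, 6): (10, 6, 2),
    (10, 7): (10, 7, 1),
}


def parse_version(text):
    """Parse 'R10.6.1', '10.6.1' or '10.6' into a (major, minor, patch) tuple."""
    m = re.fullmatch(r"\s*[Rr]?(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if not m:
        raise ValueError("unrecognised Ivanti Sentry version: %r" % text)
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def assess(version):
    """Return 'vulnerable', 'fixed' or 'verify' for one Sentry version string."""
    v = parse_version(version)
    branch = v[:2]
    if branch in FIXED_BY_BRANCH:
        return "fixed" if v >= FIXED_BY_BRANCH[branch] else "vulnerable"
    if branch < min(FIXED_BY_BRANCH):
        # Assumption: older branches with no listed fix fall under "versions
        # prior to R10.5.2 ..." and are treated as affected.
        return "vulnerable"
    # Newer branch than the page lists: confirm against the vendor advisory.
    return "verify"


def triage(inventory):
    """Rank (host, version, internet_exposed) rows into (host, status, action).

    Ordering follows the page's guidance: vulnerable and internet-exposed hosts
    come first and carry the compromise-assessment requirement.
    """
    rank = {"vulnerable": 0, "verify": 1, "fixed": 2}
    rows = []
    for host, version, exposed in inventory:
        status = assess(version)
        if status == "vulnerable":
            action = "upgrade now; compromise assessment" if exposed else "upgrade now"
        elif status == "verify":
            action = "confirm fix status with vendor advisory"
        else:
            action = "patched; assess for prior compromise" if exposed else "patched"
        rows.append((rank[status], not exposed, host, status, action))
    rows.sort()
    return [(host, status, action) for _, _, host, status, action in rows]


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("sentry-dmz-1", "R10.6.1", True),
    ("sentry-lab", "R10.7.0", False),
    ("sentry-core", "R10.7.1", True),
    ("sentry-old", "R10.4.3", True),
    ("sentry-new", "R10.8.0", True),
]

if __name__ == "__main__":
    for host, status, action in triage(SAMPLE_INVENTORY):
        print("%-14s %-11s %s" % (host, status, action))
```

Patched hosts that were internet-exposed before the upgrade still get an "assess for prior compromise" action rather than a clean bill, matching the page's "patch, then assume compromise" guidance.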

PUBLIC EXPLOITS

Exploits

3 valid exploits after Mallory filtered fakes, detection scripts, and README-only repos (3 hidden).

Valid: 3 / 6 total
spry · CVE-2026-10520 · Maturity: PoC · Verified exploit

Repository is a small standalone Python exploit utility consisting of a minimal README and one main script, mass_checker.py. The script is not merely a detector: it actively sends a crafted POST request intended to trigger pre-auth command execution on Ivanti Sentry devices associated with CVE-2026-10520 / CVE-2026-10523. Its core exploit logic defines EXPLOIT_PATH as /mics/api/v2/sentry/mics-config/handleMessage and builds a form payload in the 'message' parameter containing an XML-like commandexec structure. By default it executes the 'id' command, but the operator can replace this with arbitrary commands using --cmd. Operationally, the script is designed as a high-throughput mass checker. It reads targets from a file line-by-line to avoid loading large target lists into memory, uses asyncio plus aiohttp for concurrent requests, and bounds concurrency with a semaphore. For each target, it tries HTTPS first and then HTTP, disables TLS verification, avoids redirects, and applies a configurable timeout. Response analysis treats HTTP 200 plus recognizable command output markers (such as <result><success>...</success></result>, <success>...</success>, or similar text) as evidence of successful exploitation. It also attempts to parse JSON-wrapped responses to recover embedded output. HTTP 401/403 are treated as likely patched or auth-gated, while other statuses/errors are recorded. The repository structure is straightforward: README.md only names the project, while mass_checker.py contains banner output, payload construction, response parsing, asynchronous worker logic, CLI argument parsing, progress reporting, and result serialization. The script’s purpose is bulk validation and exploitation-at-scale of exposed Ivanti Sentry instances, producing a results file and summary of vulnerable hosts. Because it supports arbitrary command input and extracts returned output, this is best characterized as an operational exploit/checker rather than a pure proof-of-concept.

emilliewatson96 · Disclosed Jul 1, 2026 · python, markdown, network, web

CVE-2026-10520 · Maturity: PoC · Verified exploit

This repository is a small standalone Python proof-of-concept exploit for Ivanti Sentry, containing one executable script (CVE-2026-10520.py) and a README. The script uses the requests library to send a crafted unauthenticated POST request to the Ivanti Sentry MICS API endpoint '/mics/api/v2/sentry/mics-config/handleMessage'. The POST body places an operator-controlled command inside a message string: 'execute system /configuration/system/commandexec <commandexec><index>1</index><reqandres>{command}</reqandres></commandexec>'. The exploit then attempts to parse command output from the HTTP response using several regex patterns, indicating it is intended for direct command execution and output retrieval rather than mere detection. Capabilities include pre-auth remote command execution, optional proxy support, verbose debugging, disabled TLS verification for HTTPS targets, and simple response parsing to display command output. The exploit is interactive and operator-driven: it requires a target URL and command via CLI arguments. There is no advanced payload staging, persistence, lateral movement, or shell management; it is a direct command-execution PoC, making OPERATIONAL the best maturity fit. Repository structure is minimal: the Python script is the sole code artifact and clear entry point, while README.md documents usage, claimed affected versions, and example commands. No framework affiliation is present. The main fingerprintable target is the Ivanti Sentry API path used for message handling. The README claims the exploit targets CVE-2026-10520 and CVE-2026-10523 against Ivanti Sentry versions before 10.5.2, 10.6.2, and 10.7.1.

0xBlackash · Disclosed Jun 11, 2026 · python, markdown, network, web

watchTowr-vs-Ivanti-Sentry-RCE-CVE-2026-10520-CVE-2026-10523 · Maturity: PoC · Verified exploit

This repository is a small, single-purpose Python proof-of-concept for Ivanti Sentry authentication bypass and remote code execution associated with CVE-2026-10520 and CVE-2026-10523. The repo contains only two files: a README with usage/output examples and one Python script that performs the attack. The script is not part of a larger exploitation framework. The main capability is unauthenticated remote command execution against an Ivanti Sentry target. The operator supplies a base URL and an arbitrary command via --cmd. The script constructs a POST request to the Ivanti Sentry endpoint /mics/api/v2/sentry/mics-config/handleMessage with Content-Type application/x-www-form-urlencoded and a crafted message parameter containing an XML-like commandexec structure. It disables TLS certificate verification, optionally supports an HTTP proxy, and does not follow redirects. After sending the request, the script parses the response body and optionally JSON-decodes it. It checks for success markers ('Message handled successfully' and '<result><success>...') and extracts the command output with a regular expression. If extraction succeeds, it reports the target as vulnerable and prints the returned command output; otherwise it reports the target as not vulnerable. Repository structure is minimal and operational: README.md documents the vulnerability and demonstrates exploitation, while watchTowr-vs-Ivanti-Sentry-RCE-CVE-2026-10520-CVE-2026-10523.py is the executable entry point. Although described as a 'Detection Artifact Generator,' the code actively triggers command execution on the target, so it functions as a real exploit/verification tool rather than a passive detector.

watchtowrlabs · Disclosed Jun 9, 2026 · python, markdown, network, web

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

Vendor   Product            Type
Ivanti   Sentry             application
Ivanti   Standalone Sentry  application

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Exposure mapping: query your assets running an affected version, and investigate the blast radius.

Threat actor evidence: every observed campaign linking this CVE to a named adversary.

Associated malware (1): malware families riding this exploit, with evidence and IOCs.

Detection signatures (2): YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping: cross-references every affected SKU, including bundled OEM variants.

Social activity (156): community discussion across Reddit, Mastodon, and other social sources.