CVE-2026-10520
10.0 CRITICALAn OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated u...
Published: 2026-06-09 · Last updated: 2026-06-09
Severity and scoring
- CVSS
- 10.0 CRITICAL
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- CWE
- CWE-78
Description
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-24719 — A command injection vulnerability has been reported to affect several QNAP operating system versions
- CVE-2026-22893 — A command injection vulnerability has been reported to affect several QNAP operating system versions
- CVE-2025-66279 — A command injection vulnerability has been reported to affect several QNAP operating system versions
- CVE-2025-66273 — A command injection vulnerability has been reported to affect several QNAP operating system versions
- CVE-2026-49959 — Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitr... (8.8 HIGH)