CVE-2026-10520: Ivanti Sentry Unauthenticated OS Command Injection — How to Find Exposed Instances
Ivanti Sentry (formerly MobileIron Sentry) contains a pre-authentication OS command injection vulnerability that gives remote attackers root-level code execution. CVSS 10.0, actively exploited in the wild, CISA KEV listed with a 3-day remediation deadline. A public PoC is available from watchTowr La…
