CVE-2026-10520: Ivanti Sentry Unauthenticated OS Command Injection — How to Find Exposed Instances Ivanti Sentry (formerly MobileIron Sentry) contains a pre-authentication OS command injection vulnerability that gives remote attackers root-level code execution. CVSS 10.0, actively exploited in the wild, CISA KEV listed with a 3-day remediation deadline. A public PoC is available from watchTowr Labs. Here's how to find Ivanti Sentry appliances on your network. The Vulnerability CVE-2026-10520...