Based on information from Bleeping Computer, Ivanti has released patches for two critical vulnerabilities in its Sentry secure mobile gateway solution. One of the flaws is a maximum-severity vulnerability that could allow remote attackers to execute code with root privileges.

The vulnerabilities, tracked as CVE-2026-10520 and CVE-2026-10523, affect Ivanti Sentry, formerly MobileIron Sentry, which secures traffic between corporate systems and mobile devices. CVE-2026-10520 is an OS command injection weakness, while CVE-2026-10523 is an authentication bypass that could allow attackers to create rogue administrative accounts. Ivanti has released updated versions of Sentry (R10.5.2, R10.6.2, and R10.7.1) to address these issues.

The company stated it is not aware of any active exploitation of these vulnerabilities in the wild. However, Ivanti products have been frequently targeted in recent years, with multiple zero-day vulnerabilities exploited to breach enterprise networks and access sensitive data. For instance, the Cybersecurity and Infrastructure Security Agency (CISA) previously ordered federal agencies to patch Ivanti devices due to exploited flaws.

Source: Bleeping Computer




