Ivanti Sentry has two new critical vulnerabilities — CVSS 10.0 and 9.9 — that let any unauthenticated attacker on the internet execute OS commands as root and create admin accounts from scratch. A public proof-of-concept dropped June 11. Within 40 hours, Shadowserver confirmed that real attackers had already backdoored exposed appliances. CISA responded by invoking its brand-new Binding Operational Directive 26-04 for the first time ever, issuing federal agencies a 3-day window to patch. That deadline has passed. If you’re still running a vulnerable version, you’re behind.
What Ivanti Sentry Is
Ivanti Sentry (formerly MobileIron Sentry) is an enterprise mobile gateway appliance. It sits between your internal corporate systems and employee mobile devices, acting as the enforcer for mobile email, app traffic, and VPN tunnels. The reason it’s a high-value target isn’t just the code — it’s the position. A compromised Sentry appliance doesn’t put an attacker at your perimeter. It puts them inside your trusted network boundary, with a clear line of sight to corporate resources.
That’s why every serious Ivanti CVE gets exploited fast. Threat actors aren’t scanning for Sentry because it’s easy — they’re scanning for it because the payoff is enormous.
The Two CVEs: A Complete Takeover Chain
CVE-2026-10520 (CVSS 10.0): An OS command injection vulnerability in the ConfigServiceController class. The endpoint /mics/api/v2/sentry/mics-config/handleMessage accepts unauthenticated HTTP POST requests. A user-supplied message parameter flows directly into handleExecute() when the command field is set to “execute,” with zero input sanitization. The result: root-level remote code execution from the internet, no credentials required. That’s a perfect CVSS 10.0 — not just technically, but practically.
CVE-2026-10523 (CVSS 9.9): An authentication bypass that lets an unauthenticated attacker create arbitrary administrative accounts and take full control of the appliance. Discovered independently by researcher Bryan Lam, this flaw completes the attack chain: use CVE-2026-10523 to create an admin account, then use CVE-2026-10520 to run OS commands as root.
Both vulnerabilities affect Sentry versions 10.5.1, 10.6.1, and 10.7.0. Patches are available in versions 10.5.2, 10.6.2, and 10.7.1.
Exploited in 40 Hours
Ivanti patched both flaws on June 9. On June 11, a public proof-of-concept was published. Forty hours later, Shadowserver confirmed backdoored Sentry appliances. They found 19 vulnerable instances exposed to the internet; at least 2 were already compromised with implanted backdoors.
This isn’t a surprise. Ivanti has a documented track record of rapid exploitation: CVE-2025-0282 (Connect Secure) was weaponized within hours of disclosure. CVE-2026-10520 followed the same pattern. Security researchers now describe Ivanti appliances as “day-zero targets” — meaning threat actors pre-stage exploit tooling ready to deploy the moment a PoC goes public. At this point, that’s not a theory. It’s a pattern.
CISA’s First 3-Day Mandate Under BOD 26-04
CISA added CVE-2026-10520 to its Known Exploited Vulnerabilities catalog on June 11 and simultaneously invoked Binding Operational Directive 26-04 — a new framework published just 48 hours earlier. Under the old BOD 22-01, federal agencies had a standard two-week window for known-exploited CVEs. BOD 26-04 replaces that with a dynamic model driven by four risk variables: Is the asset internet-facing? Is the exploit automatable? Does the attacker achieve total system control? Is exploitation already confirmed?
For CVE-2026-10520, all four answers are yes. That triggered the minimum window: 3 days. Federal agencies had until June 14. This is the tightest patch mandate ever issued under the U.S. federal BOD framework — and it signals that the standard of “patch in two weeks” is dead for maximum-severity, actively-exploited vulnerabilities.
What to Do Right Now
If you operate Ivanti Sentry, the path forward is straightforward:
- Check your version. If you’re running 10.5.1, 10.6.1, or 10.7.0 (or anything older), you’re vulnerable.
- Patch immediately. Update to 10.5.2, 10.6.2, or 10.7.1. Ivanti’s full patch guide is in its official security advisory.
- If patching isn’t immediate, restrict access to the MICS admin port (typically 8443) to trusted internal networks only. This reduces exposure but is not a fix.
- Hunt for indicators. Look for unexpected admin accounts created after June 9, unusual POST requests to /mics/api/v2/sentry/, and any new processes launched from the Sentry application context.
- Verify your exposure. Check whether your appliance is internet-reachable. Shadowserver’s free scanning service can help confirm this.
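The version check and the indicator hunt above are mechanical enough to script. What follows is an added triage helper written for this article, not Ivanti's tooling or the advisory's own guidance. It assumes, as labelled in the code, that the appliance's web access log is in Combined Log Format, that an admin-account export is available as "username,created_at" rows, and that versions compare numerically as major.minor.patch; the log lines, account rows, trusted network range, and the paths other than /mics/api/v2/sentry/mics-config/handleMessage are all constructed sample data.

```python
# Added example: a triage helper for the "check your version" and "hunt for
# indicators" steps above. Editor-written, not Ivanti's or the author's code.
# Assumptions (labelled): Combined Log Format access logs, an admin export of
# "username,created_at" rows, and numeric major.minor.patch version strings.
import ipaddress
import re
from datetime import datetime, timezone

# Fixed release per branch, as quoted from the advisory in the article.
FIXED_BY_BRANCH = {(10, 5): (10, 5, 2), (10, 6): (10, 6, 2), (10, 7): (10, 7, 1)}
PATCH_DATE = datetime(2026, 6, 9, tzinfo=timezone.utc)   # patches shipped June 9
SENTRY_API_PREFIX = "/mics/api/v2/sentry/"

# Combined Log Format: ip ident user [time] "method path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
LOG_TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_version(version: str) -> tuple:
    return tuple(int(p) for p in version.strip().split("."))


def is_vulnerable(version: str) -> bool:
    """10.5.1, 10.6.1, 10.7.0 and anything older are vulnerable."""
    v = parse_version(version)
    fixed = FIXED_BY_BRANCH.get(v[:2])
    if fixed is not None:
        return v < fixed
    # Every branch older than 10.5 is below the first fixed release. Branches
    # newer than 10.7 are not covered by the advisory and are not flagged
    # (assumption, not a statement from the vendor).
    return v < (10, 5, 2)


def suspicious_requests(log_lines, trusted_networks):
    """POSTs under /mics/api/v2/sentry/, marking sources outside trusted ranges."""
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue   # unparsable line: skip rather than guess
        if m["method"] != "POST" or not m["path"].startswith(SENTRY_API_PREFIX):
            continue
        src = ipaddress.ip_address(m["ip"])
        hits.append({
            "ip": m["ip"],
            "path": m["path"],
            "status": int(m["status"]),
            "when": datetime.strptime(m["ts"], LOG_TS_FMT),
            "external": not any(src in n for n in nets),
        })
    return hits


def unexpected_admins(account_rows):
    """Admin accounts whose creation time is after the June 9 patch date."""
    found = []
    for row in account_rows:
        name, created = row.split(",", 1)
        if datetime.fromisoformat(created.strip()) > PATCH_DATE:
            found.append(name.strip())
    return found


# CONSTRUCTED sample data so the script runs stand-alone; these are not real
# log lines, indicators, or account names. Only the handleMessage path comes
# from the article; /mics/login.jsp and /mics/api/v2/sentry/status are made up.
SAMPLE_LOG = [
    '203.0.113.7 - - [11/Jun/2026:14:02:11 +0000] "POST /mics/api/v2/sentry/mics-config/handleMessage HTTP/1.1" 200 512',
    '10.0.0.5 - admin [10/Jun/2026:09:15:00 +0000] "GET /mics/login.jsp HTTP/1.1" 200 1024',
    '198.51.100.23 - - [12/Jun/2026:03:44:19 +0000] "POST /mics/api/v2/sentry/mics-config/handleMessage HTTP/1.1" 500 88',
    '10.0.0.9 - - [12/Jun/2026:08:00:00 +0000] "POST /mics/api/v2/sentry/status HTTP/1.1" 200 200',
]
SAMPLE_ADMINS = [
    "admin,2024-03-01T10:00:00+00:00",
    "svc-backup,2026-06-12T01:13:45+00:00",
]
TRUSTED = ["10.0.0.0/8"]   # constructed: the networks allowed to reach port 8443

if __name__ == "__main__":
    for ver in ("10.5.1", "10.7.1"):
        print(ver, "vulnerable" if is_vulnerable(ver) else "patched")
    for hit in suspicious_requests(SAMPLE_LOG, TRUSTED):
        flag = "EXTERNAL" if hit["external"] else "internal"
        print("POST to Sentry API:", hit["ip"], hit["path"], hit["status"], flag)
    print("admins created after patch date:", unexpected_admins(SAMPLE_ADMINS))
```

Point the script at your real access log and account export instead of the sample lists. A POST to the Sentry API from outside the trusted ranges is the strongest signal here; an internal POST is only noteworthy if nothing in your environment is expected to call that API, which is why the script marks the source rather than dropping internal hits.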
Post-exploitation behavior on compromised Sentry appliances has included web shell implantation, credential harvesting from mobile device configurations, and log tampering to cover access. By the time you notice something is wrong, the attacker may have been inside for days.
Ivanti’s pattern of high-severity, rapid-exploitation CVEs is now long enough to be a policy question, not just a patch question. If your organization depends on Sentry, it’s worth asking harder questions about your vendor’s security posture and proactive hardening commitments. For now: patch, verify, and hunt.