01 · The Real Story
This is a master key left under the doormat of a building that already sits between your phones and your mail
CVE-2026-10520 is an unauthenticated OS command injection in Ivanti Sentry's MICS API. On affected releases before R10.5.2, R10.6.2, and R10.7.1, a remote attacker can hit the exposed /mics application and coerce the appliance into running attacker-supplied operating-system commands as root. Public technical analysis from watchTowr ties exploitation to the unauthenticated POST /mics/api/v2/sentry/mics-config/handleMessage path, and runZero notes the affected population as 10.5.1, 10.6.1, 10.7.0, and prior, with older unsupported builds likely affected too.
Vendor severity is not inflated here; if anything, the user-supplied intel is already stale. Although you provided KEV listed: No, NVD now shows this CVE was added to CISA KEV on 2026-06-11, which means there is authoritative evidence of exploitation in the wild. Combine that with a public PoC, no authentication requirement, root execution, and the fact that Sentry commonly lives at the edge brokering traffic to Exchange and other internal services, and this stays firmly in CRITICAL.
"Internet-facing, no-auth root RCE on a gateway appliance, now KEV-listed. Treat as emergency patching."
02 · The Attack Path
4 steps from start to impact.
STEP 01
Fingerprint exposed Sentry
The attacker identifies Ivanti Sentry by probing for the
/mics/login.jsp application or matching the characteristic Sentry login assets described by runZero. Weaponized tooling at this stage is usually just curl, masscan+nmap, or exposure search pipelines; the barrier is basically discovery, not exploit development.Conditions required:
- Sentry is reachable from the attacker's network path
- The
/micsapplication is exposed on an internet-facing or otherwise reachable interface
Where this breaks in practice:
- Not every enterprise runs Sentry
- Some deployments keep management paths off the internet or behind VPN/reverse proxy controls
Detection/coverage: External ASM, runZero fingerprinting, and standard internet-exposure scans should find these assets reliably.
STEP 02
Send unauthenticated command payload
Using the watchTowr PoC or a hand-built HTTP request, the attacker sends a crafted
message parameter to POST /mics/api/v2/sentry/mics-config/handleMessage. watchTowr shows the vulnerable code path accepting attacker-controlled input and reaching command-execution logic without prior authentication.Conditions required:
- Target is running a vulnerable build before
R10.5.2/R10.6.2/R10.7.1 - HTTP(S) access to the vulnerable endpoint is permitted
Where this breaks in practice:
- A tightly scoped reverse proxy or ACL that blocks
/mics/api/v2/sentry/mics-config/handleMessagecan break the exploit path - IPS/WAF signatures may now exist for known payload structure
Detection/coverage: Rapid7 content, Check Point IPS coverage, WAF logs, reverse proxy logs, and Tomcat/MICS request logs should surface probing and exploit POSTs.
STEP 03
Execute as root on the appliance
The vulnerable handler builds or forwards OS-level command content that gets executed by the appliance as
root. At this point the attacker has crossed from app bug to full appliance compromise, which is why the CVSS 10 label is justified in practice rather than just in theory.Conditions required:
- Exploit request reaches the vulnerable code path intact
- Underlying Sentry service account executes with elevated privileges
Where this breaks in practice:
- Payloads can fail if defenders are filtering the exact endpoint or command pattern
- One-off exploit attempts may be noisy in local logs
Detection/coverage: Process creation visibility on the appliance is usually weak, but
/var/log/mics/, auth logs, and file-creation traces under /tmp, /var/tmp, and /dev/shm are useful.STEP 04
Pivot from gateway to enterprise systems
A compromised Sentry appliance is a privileged network foothold sitting between managed devices and enterprise backends such as Exchange. Post-exploitation tools are the usual Linux tradecraft: shell dropper, credential harvesting, config extraction, tunneling, and staging for lateral movement.
Conditions required:
- Attacker has root on Sentry
- Sentry has trusted connectivity to downstream enterprise services
Where this breaks in practice:
- Segmentation and service-account scoping can limit pivot options
- Well-run environments may detect unusual outbound traffic or rogue admin creation quickly
Detection/coverage: Monitor for new admin accounts, unexpected outbound connections from Sentry, config changes, and downstream authentication anomalies tied to the appliance.
03 · Intelligence Metadata
The supporting signals.
| In-the-wild status | Yes. Your prompt says KEV listed: No, but that is outdated. NVD now shows CISA KEV status for 2026-06-11, which is the strongest public signal that exploitation has been observed. |
|---|---|
| Proof-of-concept availability | Public PoC available. watchTowr published technical analysis on 2026-06-10 and a GitHub detection/exploitation artifact for CVE-2026-10520 and CVE-2026-10523. |
| EPSS | Not yet surfaced in retrieved primary-source content. I would not wait for EPSS anyway; KEV status dominates prioritization here. |
| KEV status and dates | KEV-listed. NVD reflects CISA addition on 2026-06-11 with a due date of 2026-06-14 for federal agencies. |
| CVSS vector reality check | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H maps cleanly to reality: network-reachable, no auth, no user click, full compromise, and cross-boundary impact because this is an appliance that mediates enterprise traffic. |
| Affected versions | Vendor and runZero align on affected supported branches before R10.5.2, R10.6.2, and R10.7.1; runZero explicitly calls out 10.5.1, 10.6.1, 10.7.0, and prior. Older unsupported versions are *likely* affected. |
| Fixed versions | Upgrade to R10.5.2, R10.6.2, or R10.7.1 depending on branch. There is no evidence in the retrieved sources of a distro backport-only fix path separate from these releases. |
| Exposure and scanning | This is not a ubiquitous product, which narrows population, but the reachable population is ugly because Sentry commonly sits on exposed gateway infrastructure. runZero published identification guidance using the /mics login surface, and Check Point has IPS coverage for exploitation attempts. |
| Disclosure timeline | CVE published by NVD on 2026-06-09; watchTowr technical write-up landed 2026-06-10; KEV status appeared 2026-06-11. |
| Researcher / reporting | watchTowr publicly analyzed the flaw; the companion auth bypass CVE-2026-10523 is credited by watchTowr to Bryan Lam. For CVE-2026-10520, watchTowr cites the advisory text and exploit path but the public credit in retrieved sources is not clearly assigned. |
04 · The Call
noisgate verdict.
Final Verdict
= UNCHANGED to CRITICAL (10.0/10)
The decisive factor is not the CVSS math; it is the combination of unauthenticated remote root code execution on an edge gateway plus KEV-listed exploitation evidence. There is essentially no meaningful attacker-side friction once a vulnerable Sentry instance is reachable, and the appliance's placement amplifies downstream blast radius.
HIGH Severity bucket and immediate prioritization
MEDIUM Exact exposed population in typical enterprise fleets
Why this verdict
- No-auth remote root RCE means the attack starts at initial access, not after foothold, VPN, or stolen creds
- KEV on 2026-06-11 is a hard upgrade signal over the prompt's stale
KEV listed: Nofield - Gateway placement amplifies impact because Sentry brokers mobile access to internal services and commonly has trusted paths to sensitive backends
Why not higher?
It cannot go meaningfully higher than this; this is already top-bucket material. The only moderating factor is product prevalence: Sentry is a narrower target class than mass-market edge software, so enterprise-wide exposure depends on whether you actually run it.
Why not lower?
There is no auth requirement, no user interaction, no local foothold prerequisite, and no exotic environmental dependency beyond reachability to the service. Once KEV and public PoC enter the picture, any argument for downgrading to HIGH collapses unless your Sentry estate is fully isolated from attacker reach.
05 · Compensating Control
What to do — in priority order.
- Isolate exposed Sentry immediately — If any Sentry instance is reachable from the internet or broadly reachable internal segments, restrict access to trusted admin networks or a VPN-only path within hours. Because this CVE is KEV-listed, the normal CRITICAL mitigation window is overridden by live exploitation evidence.
- Block the vulnerable MICS endpoint — Add reverse-proxy, WAF, NGFW, or load-balancer rules to deny
POSTaccess to/mics/api/v2/sentry/mics-config/handleMessagefrom untrusted sources within hours. This is the most direct temporary break in the exploit chain if full upgrade cannot happen immediately. - Enable and tune IPS signatures — Push available protections such as the Check Point
Ivanti Sentry Remote Code Execution (CVE-2026-10520)signature within hours to catch opportunistic scanning and replay of the public PoC. This is detection-and-disruption, not a substitute for patching. - Hunt for post-exploitation artifacts — Review
/var/log/mics/, auth logs, new local accounts, and suspicious files under/tmp,/var/tmp, and/dev/shmwithin hours. A gateway appliance compromise is not self-contained; assume credential and config exposure until proven otherwise. - Rotate secrets touched by the appliance — If compromise indicators exist or exposure was prolonged, rotate credentials, certificates, and trust relationships used by Sentry within 3 days because root on the appliance likely exposed them. This contains downstream abuse after the initial foothold.
What doesn't work
- MFA does not help because the exploit is unauthenticated against the appliance itself, not a user login flow.
- Endpoint EDR on employee devices does not stop the initial compromise; the blast starts on the gateway appliance.
- Credential resets alone do not remove attacker access if the appliance itself remains vulnerable or already backdoored.
06 · Verification
Crowdsourced verification payload.
Run this on the Sentry appliance shell after you have console or SSH access. Invoke it as sudo bash ./check-cve-2026-10520.sh 10.6.1 if you already know the installed version, or sudo bash ./check-cve-2026-10520.sh to let it try RPM-based detection; root is recommended because some package queries and file reads may be restricted.
#!/usr/bin/env bash
# check-cve-2026-10520.sh
# Defensive local version check for Ivanti Sentry CVE-2026-10520
# Outputs one of: VULNERABLE / PATCHED / UNKNOWN
# Exit codes: 0=PATCHED, 1=VULNERABLE, 2=UNKNOWN, 3=usage/runtime error
set -u
extract_version() {
local s="$1"
echo "$s" | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+' | head -n1
}
ver_lt() {
[ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" != "$2" ]
}
ver_ge() {
[ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$2" ]
}
VERSION_INPUT="${1:-}"
VERSION=""
SOURCE=""
if [ -n "$VERSION_INPUT" ]; then
VERSION="$(extract_version "$VERSION_INPUT")"
SOURCE="argument"
fi
if [ -z "$VERSION" ] && command -v rpm >/dev/null 2>&1; then
RPM_HIT="$(rpm -qa 2>/dev/null | grep -Ei 'ivanti|mobileiron|sentry' | head -n1 || true)"
if [ -n "$RPM_HIT" ]; then
VERSION="$(extract_version "$RPM_HIT")"
SOURCE="rpm"
fi
fi
if [ -z "$VERSION" ]; then
for f in /etc/ivanti-release /etc/mobileiron-release /etc/sentry-release /opt/mobileiron/*/VERSION /opt/ivanti/*/VERSION; do
if [ -r "$f" ]; then
HIT="$(head -n5 "$f" 2>/dev/null | tr -d '\r' | head -n1 || true)"
VERSION="$(extract_version "$HIT")"
if [ -n "$VERSION" ]; then
SOURCE="$f"
break
fi
fi
done
fi
if [ -z "$VERSION" ]; then
echo "UNKNOWN"
echo "reason=Could not determine installed Ivanti Sentry version automatically" >&2
exit 2
fi
echo "detected_version=$VERSION source=$SOURCE" >&2
# Supported fixed branches from vendor/public advisory chain:
# 10.5.x fixed at 10.5.2
# 10.6.x fixed at 10.6.2
# 10.7.x fixed at 10.7.1
# Older unsupported versions are likely affected, but public wording does not fully enumerate every historical branch.
if ver_ge "$VERSION" "10.7.1"; then
echo "PATCHED"
exit 0
fi
if ver_ge "$VERSION" "10.7.0" && ver_lt "$VERSION" "10.7.1"; then
echo "VULNERABLE"
exit 1
fi
if ver_ge "$VERSION" "10.6.0" && ver_lt "$VERSION" "10.6.2"; then
echo "VULNERABLE"
exit 1
fi
if ver_ge "$VERSION" "10.5.0" && ver_lt "$VERSION" "10.5.2"; then
echo "VULNERABLE"
exit 1
fi
if ver_lt "$VERSION" "10.5.0"; then
echo "UNKNOWN"
echo "reason=Version is older than enumerated supported branches; treat as at-risk and validate against vendor support records" >&2
exit 2
fi
echo "UNKNOWN"
echo "reason=Version falls outside expected branch logic; verify manually against vendor release documentation" >&2
exit 2
07 · Bottom Line
If you remember one thing.
TL;DR
Monday morning, identify every Ivanti Sentry instance, assume externally reachable ones are emergency work, and patch / mitigate immediately, within hours because KEV status overrides the standard clock. For this CRITICAL finding, the noisgate mitigation SLA is superseded by active-exploitation evidence, so temporary containment must happen within hours, and the noisgate remediation SLA is still
<= 90 days—but for any exposed appliance you should not consume that full window; get to R10.5.2, R10.6.2, or R10.7.1 as soon as operationally possible and treat compromise assessment as part of the same incident stream.Sources
Peer Review
What defenders are saying.
Submit a review
attribution: handle + country only
0 flags selected · stored anonymously
Validation Results
Crowdsourced verification outputs.
Results submitted by users who ran the verification payload against their environment.