Exploitation of Ivanti Sentry – OS Command Injection CVE-2026-10520
Introduction Edge gateways that secure and route mobile traffic to back-end corporate networks are primary targets for threat actors due to their perimeter placement. In June 2026, Ivanti released a critical security advisory addressing a pre-authentication OS Command Injection vulnerability in Ivanti Sentry (formerly MobileIron Sentry), tracked as CVE-2026-10520 with a maximum CVSS score of 10.0. This vulnerability allows remote, unauthenticated