Summary
Ivanti released security updates for Ivanti Sentry to address an OS command injection (CVSS 10.0) and an authentication bypass (CVSS 9.9) that allow unauthenticated remote code execution and administrative takeover.
Take Action:
If you use Ivanti Sentry, first make sure the appliance is isolated from the internet and reachable only from trusted networks, then immediately update to fixed versions R10.5.2, R10.6.2, or R10.7.1 to patch CVE-2026-10520 and CVE-2026-10523. After updating, check your admin logs for any accounts you didn't create or unusual activity.
This article was originally published on BeyondMachines