CVE-2026-10520
Ivanti Sentry OS Command Injection Vulnerability
⚠ KEV
描述
Ivanti Sentry (formerly known as MobileIron Sentry) contains an OS command injection vulnerability which could allow a remote unauthenticated user to achieve root-level remote code execution. This vulnerability can be successfully exploited in cases where the Sentry appliance is in an unmanaged state with its endpoints externally reachable. The use of mTLS with EPMM or restricted HTTPS access through Neurons for MDM makes interfaces inaccessible to external actors.
如何修補 CVE-2026-10520
OSV 沒有提供套件對應 — 請參考下方連結尋找廠商提供的建議。
CVE-2026-10520 正在被利用嗎?
是 — CVE-2026-10520 已列入 CISA Known Exploited Vulnerabilities (KEV) 清單,代表正在被實際利用,請立即修補。
受影響套件(0)
OSV 沒有提供套件對應。