Ivanti Sentry pre-auth RCE (CVE-2026-10520) – CVSS 10.0, public PoC, CISA KEV

slvnx·Hacker News·Community·

Ivanti Sentry (formerly MobileIron Sentry) contains a pre-authentication OS command injection vulnerability (CVSS 10.0) allowing root-level RCE. Actively exploited, CISA KEV listed with 3-day deadline. Find exposed Sentry appliances with RECON.

Read full article →

Related Articles

US bans differential privacy in Census data
nl · Hacker News · 3h ago
Arch Linux Now Believes Malware Incident Under Control: More Than 1,500 Packages
qwertox · Hacker News · 5h ago
Twenty One Zero-Days in FFmpeg
redbell · Hacker News · 18h ago
CRISPR tech selectively shreds cancer cells, including "undruggable" cancers
gmays · Hacker News · 1d ago
Kimi K2.7-Code: open-source coding model with better token efficiency
nekofneko · Hacker News · 1d ago