Ivanti Sentry Pre-Auth OS Command Injection RCE
CVE-2026-10520 is a critical OS command injection vulnerability in Ivanti Sentry (formerly MobileIron Sentry) affecting versions prior to R10.5.2, R10.6.2, and R10.7.1. The flaw allows a remote unauthenticated attacker to supply crafted input that is passed unsanitized into a system-level command, resulting in operating system command execution as root. Supporting reporting indicates the vulnerable code path is in the Sentry web application's ConfigServiceController and is reachable via a POST request to the unauthenticated endpoint /mics/api/v2/sentry/mics-config/handleMessage. The issue is described as pre-authentication and network-reachable, with no user interaction required.
Exploits
3 valid exploits after Mallory filtered fakes, detection scripts, and README-only repos (3 hidden).
Repository is a small standalone Python exploit utility consisting of a minimal README and one main script, mass_checker.py. The script is not merely a detector: it actively sends a crafted POST request intended to trigger pre-auth command execution on Ivanti Sentry devices associated with CVE-2026-10520 / CVE-2026-10523. Its core exploit logic defines EXPLOIT_PATH as /mics/api/v2/sentry/mics-config/handleMessage and builds a form payload in the 'message' parameter containing an XML-like commandexec structure. By default it executes the 'id' command, but the operator can replace this with arbitrary commands using --cmd. Operationally, the script is designed as a high-throughput mass checker. It reads targets from a file line-by-line to avoid loading large target lists into memory, uses asyncio plus aiohttp for concurrent requests, and bounds concurrency with a semaphore. For each target, it tries HTTPS first and then HTTP, disables TLS verification, avoids redirects, and applies a configurable timeout. Response analysis treats HTTP 200 plus recognizable command output markers (such as <result><success>...</success></result>, <success>...</success>, or similar text) as evidence of successful exploitation. It also attempts to parse JSON-wrapped responses to recover embedded output. HTTP 401/403 are treated as likely patched or auth-gated, while other statuses/errors are recorded. The repository structure is straightforward: README.md only names the project, while mass_checker.py contains banner output, payload construction, response parsing, asynchronous worker logic, CLI argument parsing, progress reporting, and result serialization. The script’s purpose is bulk validation and exploitation-at-scale of exposed Ivanti Sentry instances, producing a results file and summary of vulnerable hosts. Because it supports arbitrary command input and extracts returned output, this is best characterized as an operational exploit/checker rather than a pure proof-of-concept.
This repository is a small standalone Python proof-of-concept exploit for Ivanti Sentry, containing one executable script (CVE-2026-10520.py) and a README. The script uses the requests library to send a crafted unauthenticated POST request to the Ivanti Sentry MICS API endpoint '/mics/api/v2/sentry/mics-config/handleMessage'. The POST body places an operator-controlled command inside a message string: 'execute system /configuration/system/commandexec <commandexec><index>1</index><reqandres>{command}</reqandres></commandexec>'. The exploit then attempts to parse command output from the HTTP response using several regex patterns, indicating it is intended for direct command execution and output retrieval rather than mere detection. Capabilities include pre-auth remote command execution, optional proxy support, verbose debugging, disabled TLS verification for HTTPS targets, and simple response parsing to display command output. The exploit is interactive and operator-driven: it requires a target URL and command via CLI arguments. There is no advanced payload staging, persistence, lateral movement, or shell management; it is a direct command-execution PoC, making OPERATIONAL the best maturity fit. Repository structure is minimal: the Python script is the sole code artifact and clear entry point, while README.md documents usage, claimed affected versions, and example commands. No framework affiliation is present. The main fingerprintable target is the Ivanti Sentry API path used for message handling. The README claims the exploit targets CVE-2026-10520 and CVE-2026-10523 against Ivanti Sentry versions before 10.5.2, 10.6.2, and 10.7.1.
This repository is a small, single-purpose Python proof-of-concept for Ivanti Sentry authentication bypass and remote code execution associated with CVE-2026-10520 and CVE-2026-10523. The repo contains only two files: a README with usage/output examples and one Python script that performs the attack. The script is not part of a larger exploitation framework. The main capability is unauthenticated remote command execution against an Ivanti Sentry target. The operator supplies a base URL and an arbitrary command via --cmd. The script constructs a POST request to the Ivanti Sentry endpoint /mics/api/v2/sentry/mics-config/handleMessage with Content-Type application/x-www-form-urlencoded and a crafted message parameter containing an XML-like commandexec structure. It disables TLS certificate verification, optionally supports an HTTP proxy, and does not follow redirects. After sending the request, the script parses the response body and optionally JSON-decodes it. It checks for success markers ('Message handled successfully' and '<result><success>...') and extracts the command output with a regular expression. If extraction succeeds, it reports the target as vulnerable and prints the returned command output; otherwise it reports the target as not vulnerable. Repository structure is minimal and operational: README.md documents the vulnerability and demonstrates exploitation, while watchTowr-vs-Ivanti-Sentry-RCE-CVE-2026-10520-CVE-2026-10523.py is the executable entry point. Although described as a 'Detection Artifact Generator,' the code actively triggers command execution on the target, so it functions as a real exploit/verification tool rather than a passive detector.
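As an added, defender-side example (not code from any of the repositories summarised above), this script triages request/response records for the endpoint and payload shape the summaries describe, separating attempts the appliance rejected from ones that returned the success markers the exploits look for. The record format, source addresses and response bodies are constructed assumptions, not any real product's log format.

```python
import re
from urllib.parse import parse_qs, urlencode

# Endpoint, payload shape and success markers as described in the exploit summaries above.
TARGET_PATH = "/mics/api/v2/sentry/mics-config/handleMessage"
CMDEXEC_RE = re.compile(r"<commandexec>.*?<reqandres>(.*?)</reqandres>", re.S | re.I)
SUCCESS_RE = re.compile(r"Message handled successfully|<result>\s*<success>", re.I)

def classify(method, path, body, status=None, resp_body=""):
    """Return (verdict, detail); verdict is ignore | watch | attempt | likely_success."""
    if path.split("?", 1)[0] != TARGET_PATH:
        return "ignore", ""
    if method.upper() != "POST":
        return "watch", "non-POST access to unauthenticated MICS endpoint"
    message = parse_qs(body, keep_blank_values=True).get("message", [""])[0]
    m = CMDEXEC_RE.search(message)
    if not m:
        if "commandexec" in message.lower():
            return "attempt", "commandexec referenced without reqandres element"
        return "watch", "POST to handleMessage without commandexec payload"
    cmd = m.group(1).strip()  # command the sender tried to run (for the IR timeline)
    if status == 200 and SUCCESS_RE.search(resp_body):
        return "likely_success", cmd
    if status in (401, 403):
        return "attempt", f"{cmd} (rejected with {status}; likely patched/auth-gated)"
    return "attempt", cmd

def triage(records):
    """Keep only records worth an analyst's attention, most severe first."""
    rank = {"likely_success": 0, "attempt": 1, "watch": 2}
    hits = []
    for r in records:
        verdict, detail = classify(r["method"], r["path"], r.get("body", ""),
                                   r.get("status"), r.get("resp_body", ""))
        if verdict != "ignore":
            hits.append((verdict, r["src"], detail))
    return sorted(hits, key=lambda h: rank[h[0]])

# Constructed sample records (not real traffic); the body mirrors the payload shape quoted above.
PAYLOAD = ("execute system /configuration/system/commandexec "
           "<commandexec><index>1</index><reqandres>id</reqandres></commandexec>")
SAMPLE_RECORDS = [
    {"src": "203.0.113.10", "method": "POST", "path": TARGET_PATH,
     "body": urlencode({"message": PAYLOAD}), "status": 200,
     "resp_body": '{"result":"<result><success>uid=0(root)</success></result>"}'},
    {"src": "203.0.113.11", "method": "POST", "path": TARGET_PATH,
     "body": urlencode({"message": PAYLOAD}), "status": 403, "resp_body": ""},
    {"src": "198.51.100.5", "method": "GET", "path": "/mics/login", "status": 200},
]
```

A `likely_success` hit is the cue to move from blocking to the assume-compromise checklist for that host; `attempt` hits with 401/403 still identify scanning sources worth blocking.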
Recent activity
186 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
An Ivanti Sentry vulnerability whose PoC repository was used as a malware delivery lure for ChocoPoC.
A critical vulnerability in Ivanti Sentry that allows code execution as root.
A maximum severity OS command injection vulnerability in Ivanti Sentry that can allow remote, unauthenticated attackers to achieve root-level remote code execution on publicly exposed unmanaged instances in certain configurations.