Ctrl + K
/ news / CVE
CVEPublished 2026-06-09Modified 2026-06-124 articles on news5 live referencesNVD data

CVE-2026-10520Ivanti · Standalone_sentry

Vulnerability data via NVD (ingested)

CVSS v3.1
10.0
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS percentile
87
Exploit Prediction Scoring System · top 13% of all CVEs
Weaknesses (CWE)
CWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Description

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution

Timeline
Published 2026-06-09
Modified 2026-06-12

External references

NVDMITREExploit-DBSploitusVulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts
vuln:CVE-2026-10520
Hosts Shodan has explicitly fingerprinted as vulnerable.
Shodan · product
product:"Ivanti Standalone Sentry"
All exposed Ivanti Standalone Sentry instances — cross-reference with the CVE's affected-version range.
Shodan · banner/body mention
http.html:"Standalone Sentry"
HTTP body or banner mentions "Standalone Sentry" — catches deploys Shodan didn't identify as a product.
More intel sources (5)
Shodan report
vuln:CVE-2026-10520
Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2026-10520
Censys host search filtered to this CVE id.
grep.app
CVE-2026-10520
Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2026-10520
GitHub code search for direct mentions.
Google dork
"CVE-2026-10520" exploit -site:nvd.nist.gov
Write-ups and news, NVD excluded.

Known PoCs on GitHub (7)

CVE-2026-105207 repos
nomi-sec/PoC-in-GitHubunknown
📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
★ 7,844·updated today
bingook/bingoPython
Bingo - AI-powered Red Team Terminal (DeepSeek/Claude/GPT/GLM)
★ 189·updated today
watchtowrlabs/watchTowr-vs-Ivanti-Sentry-RCE-CVE-2026-10520-CVE-2026-10523Python
★ 12·updated 1w ago
0xBlackash/CVE-2026-10520Python
CVE-2026-10520
★ 4·updated 6d ago
ogenich/CVE-2026-10520Python
CVE-2026-10520 - Ivanti Sentry Pre-Auth OS Command Injection Mass Scanner
★ 2·updated 1w ago
umbrasecdev/umbrasecHTML
UMBRASEC is a new, independent research project focused on the defensive side of security - detection engineering, honest threat analysis, open-source tooling, and a free security …
★ 2·updated today
DevGreick/devgreickPython
★ 1·updated today
Articles on news mentioning CVE-2026-10520