Critical Vulnerabilities in Ivanti Sentry
12 June 2026
Attackers can exploit OS command injection (CVE-2026-10520) and authentication bypass (CVE-2026-10523) vulnerabilities in Ivanti Sentry to execute commands as root, create unauthorised administrative accounts, and gain full system administrative control without authentication. Patch immediately.
Background
Ivanti has released security updates addressing multiple critical vulnerabilities (CVE-2026-10520 and CVE-2026-10523) affecting Ivanti Sentry, a mobile security gateway used for securing enterprise mobile device communications. These vulnerabilities have Common Vulnerability Scoring System (CVSS v3.1) scores of 10 and 9.9 out of 10, respectively.
Impact
Successful exploitation of these vulnerabilities could lead to the following:
CVE-2026-10520: Due to an OS command injection vulnerability in Ivanti Sentry, an unauthenticated attacker could send specially crafted requests to execute arbitrary system commands with root-level privileges on the affected system.
CVE-2026-10523: Due to improper authentication controls in Ivanti Sentry, an unauthenticated attacker could bypass authentication, create arbitrary administrative accounts, and gain full administrative access to the affected system.
Affected Products
These vulnerabilities affect the following products:
Ivanti Sentry versions prior to 10.5.2
Ivanti Sentry versions prior to 10.6.2
Ivanti Sentry versions prior to 10.7.1
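A branch-aware version check for triaging an inventory against the list above, added here as an example and not taken from Ivanti or this advisory. It assumes each fixed release applies to its own minor release branch and that versions are reported as dotted numbers; the hostnames and versions in the sample are constructed.

```python
import re

# Fixed releases taken from the "Affected Products" list above.
# Assumption: each threshold applies to its own minor release branch.
FIXED = {(10, 5): (10, 5, 2), (10, 6): (10, 6, 2), (10, 7): (10, 7, 1)}


def parse_version(text):
    """Return (major, minor, patch) from a dotted version string, or None."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        return None
    # A missing patch component is treated as 0; build suffixes are ignored.
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def classify(version_text):
    """Return 'affected', 'fixed' or 'unknown' for one reported version."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"
    branch = v[:2]
    if branch in FIXED:
        return "affected" if v < FIXED[branch] else "fixed"
    if branch < min(FIXED):
        # Older than every listed branch, so prior to 10.5.2.
        return "affected"
    # Branch not named in the advisory: flag for manual review, do not guess.
    return "unknown"


def triage(inventory):
    """Map host -> status for a {host: version} inventory."""
    return {host: classify(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "sentry-a.example.internal": "10.5.1",
    "sentry-b.example.internal": "10.6.2",
    "sentry-c.example.internal": "10.7.0",
    "sentry-d.example.internal": "9.20.0",
    "sentry-e.example.internal": "not reported",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}\t{SAMPLE[host]}\t{status}")
```

Hosts reported as "unknown" need a manual version check before they are treated as patched.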
Recommendations
Users and administrators of affected products are advised to update the affected products to the latest version immediately.
References
https://nvd.nist.gov/vuln/detail/CVE-2026-10520
