Project pausedOperational costs exceeded runway. Live ingest is offline; historical data shown may be stale. Contact research@boarnet.io for status.
← All CVEs
CVE-2026-10520CRITICAL · 10.0TrackedCISA KEV

Ivanti · Sentry

Ivanti Sentry (formerly known as MobileIron Sentry) contains an OS command injection vulnerability which could allow a remote unauthenticated user to achieve root-level remote code execution. This vulnerability can be successfully exploited in cases where the Sentry appliance is in an unmanaged state with its endpoints externally reachable. The use of mTLS with EPMM or restricted HTTPS access through Neurons for MDM makes interfaces inaccessible to external actors.

Disclosed
2026-06-09
30 days ago
Status
no honeypot capture yet
on CISA KEV — watching
7-day events
0
across 0 distinct IPs
7-day spread
0 ASN · 0 cty
0 active days
Top ASNs

No events captured yet.

Top countries

No events captured yet.