Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Primary

Context

Ivanti Sentry OS Command Injection Vulnerability Allowing Root-Level Remote Code Execution

Vulnerability

Exploited

Patched

A command injection vulnerability has been identified in Ivanti Sentry versions prior to R10.5.2, R10.6.2, and R10.7.1. This vulnerability allows remote, unauthenticated users to execute code with root privileges on the affected system.

Impact

Exploitation of this vulnerability leads to unauthorized root-level access, allowing for remote code execution on the affected system.

Remediation

Users can update to Ivanti Sentry versions 10.5.2, 10.6.2, or 10.7.1. The new versions are available on the Ivanti Support Portal, with detailed update instructions provided.

Added: Jun 9, 2026, 4:42 PM

Updated: Jun 11, 2026, 6:56 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

9.1

remediation

0.0

relevance

9.3

threat

8.8

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

9.1

remediation

0.0

relevance

9.3

threat

8.8

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Actively Exploited in the Wild

Ivanti Sentry OS Command Injection Vulnerability Allowing Root-Level Remote Code Execution

Vulnerability

Impact

Remediation

Affected Products

Ivanti Sentry

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating