CVSS 10.0. Unauthenticated. Remote code execution as root. Within 24 hours of a public PoC, instances were already backdoored. CVE-2026-10520 in Ivanti Sentry is the worst-case scenario for a perimeter appliance — and the third time this product has landed in the CISA KEV. At Tech86, we see this as yet another instance of a repeating pattern: critical gateway product, vendor-minimized disclosure, and rapid exploitation in production.
The bug: command injection at maximum CVSS
CVE-2026-10520 is a command injection vulnerability in Ivanti Sentry. The vector is direct: an unauthenticated POST to /mics/api/v2/sentry/mics-config/handleMessage on the management interface (port 8443, per Ivanti's advisory) yields arbitrary command execution as root. The CVSS 10.0 score reflects the most dangerous combination possible: reachable over the network, no authentication, no user interaction, and full loss of confidentiality, integrity and availability of the appliance.
On its own, this would already be critical. But there is also CVE-2026-10523 (CVSS 9.9): an authentication bypass that allows creation of arbitrary administrative accounts. The two CVEs form a complete compromise chain — RCE as root for initial access, followed by persistence through an attacker-created admin account. Whoever exploits both does not just get in: they stay in.
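The practical question for a defender is whether the endpoint above has already been hit. As an added example (not code from this article, from Ivanti, or from any of the researchers cited), the script below triages web access logs for requests to the handleMessage endpoint and ranks them by whether the source is an expected management host. The log layout, the management allowlist (10.20.0.0/16) and the sample lines are all constructed for the example; the real Sentry log format is not described on this page, so the regex has to be adapted to the appliance's actual logs.

```python
import re
from ipaddress import ip_address, ip_network
from urllib.parse import unquote, urlsplit

# Endpoint and management port as named in the advisory summary above. The
# allowlist is an assumption: replace it with your EPMM / admin source ranges.
VULN_PATH = "/mics/api/v2/sentry/mics-config/handleMessage"
MGMT_PORT = 8443
MGMT_NETS = [ip_network("10.20.0.0/16")]

# Constructed log layout for this example (NOT the appliance's real format):
#   <client_ip> <server_port> [<timestamp>] "<METHOD> <target> HTTP/x.y" <status>
LOG_RE = re.compile(
    r'^(?P<ip>\S+) (?P<port>\d+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})$'
)

# Constructed sample lines: two external POSTs (one lightly obfuscated), one POST
# from a management host, one external GET probe, one unrelated request.
SAMPLE_LOG = [
    '203.0.113.7 8443 [10/Jun/2026:03:14:22 +0000] "POST /mics/api/v2/sentry/mics-config/handleMessage HTTP/1.1" 200',
    '10.20.0.5 8443 [10/Jun/2026:03:15:01 +0000] "POST /mics/api/v2/sentry/mics-config/handleMessage HTTP/1.1" 200',
    '198.51.100.9 8443 [10/Jun/2026:03:16:40 +0000] "GET /mics/api/v2/sentry/mics-config/handleMessage HTTP/1.1" 405',
    '198.51.100.9 443 [10/Jun/2026:03:17:02 +0000] "GET /login HTTP/1.1" 200',
    '203.0.113.7 8443 [10/Jun/2026:03:18:13 +0000] "POST /mics//api/v2/sentry/mics-config/handleMessage?x=1 HTTP/1.1" 500',
]


def normalize_path(target: str) -> str:
    """Strip the query string, percent-decode, collapse '//' and drop a trailing '/'
    so trivially obfuscated requests still match the endpoint."""
    path = unquote(urlsplit(target).path)
    return re.sub(r"/+", "/", path).rstrip("/")


def is_mgmt_source(ip: str) -> bool:
    try:
        addr = ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in MGMT_NETS)


def classify(line: str):
    """Return a finding dict for a request to the handleMessage endpoint, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Case-insensitive compare: catches case-mangled paths that a lax server may still route.
    if normalize_path(m["target"]).lower() != VULN_PATH.lower():
        return None
    method, ip, port = m["method"], m["ip"], int(m["port"])
    if method == "POST" and not is_mgmt_source(ip):
        verdict, severity = "external POST to handleMessage: treat as exploitation", "critical"
    elif method == "POST":
        verdict, severity = "POST from management range: confirm it was expected", "review"
    else:
        verdict, severity = "non-POST touch of the endpoint: likely reconnaissance", "low"
    return {
        "ts": m["ts"], "ip": ip, "port": port, "method": method,
        "status": int(m["status"]), "severity": severity, "verdict": verdict,
        # The endpoint answering on a port other than 8443 means it is exposed more
        # widely than the vendor's port-based mitigation argument assumes.
        "off_mgmt_port": port != MGMT_PORT,
    }


def scan(lines):
    return [f for f in map(classify, lines) if f is not None]


def summarize(findings):
    counts = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['severity']:8} {f['ts']} {f['ip']}:{f['port']} {f['method']} {f['status']} {f['verdict']}")
    print(summarize(scan(SAMPLE_LOG)))
```

A "critical" hit with a 2xx status from outside the management ranges should be handled as a confirmed compromise, not a suspicion: the article's own timeline shows backdoors appearing the same day the PoC went public, so the next step is isolation and forensic capture of the appliance, not just patching. A "review" hit is only benign if the management host that sent it was itself supposed to; the CVE-2026-10523 account-creation bypass means an attacker-created admin account should be on the checklist whenever the endpoint has been touched.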
The timeline: from patch to backdoor in 24 hours
The sequence of events is revealing. On June 9, according to Ivanti's advisory, the company released fixed builds R10.5.2, R10.6.2 and R10.7.1, stating it had "no knowledge of customers being exploited." On June 10, according to WatchTowr, a complete PoC was published on GitHub. The same day, according to Shadowserver, scans identified at least 19 vulnerable instances, at least 2 of them already backdoored. Also on June 10, according to Defused, attackers launched exploits against honeypots without prior fingerprinting: the landscape had already been mapped.
On June 11, according to CISA, CVE-2026-10520 was added to the KEV with a 3-day remediation deadline. This appears to be the first application of BOD 26-04, which establishes shorter deadlines for critical vulnerabilities. On June 12, according to Ivanti's updated advisory, the company acknowledged the KEV listing but attributed exploitation to "attempts against honeypots" and did not acknowledge customer compromise.
The message is clear: the window between technical disclosure and mass exploitation is measured in hours. Claiming no knowledge of exploitation does not mean there is no exploitation — it means it has not been detected yet.
The pattern: 35 times in the KEV
This is not an isolated case. According to the CISA KEV catalog, this is the 35th Ivanti vulnerability listed, and 12 of those 35 CVEs have been linked to ransomware. Sentry specifically has appeared in the KEV twice before, with CVE-2023-38035 and CVE-2020-15505; CVE-2026-10520 makes three.
The pattern is consistent: critical gateway product, disclosure with "no knowledge of exploitation," and rapid abuse in production once technical details emerge. Ivanti products have now landed in the KEV 35 times. When a vendor appears in the catalog with that frequency, the problem is not isolated; it is systemic.
The response: KEV with a 3-day deadline
CISA kept the CVE in the KEV with a 3-day deadline despite Ivanti's argument that instances managed with mTLS via EPMM are protected and that exploitation requires access to management port 8443. BOD 26-04, reportedly applied here for the first time, establishes that critical vulnerabilities in perimeter products require a response measured in days, not weeks.
According to Shadowserver, unpatched instances are likely already compromised. The assessment is direct and the math is simple: if the PoC is public, if exploitation is trivial, and if the product is exposed to the internet, compromise is a matter of time — and that time is short.
The lesson: do not wait for vendor confirmation
Ivanti argues that exploitation requires access to port 8443 and that instances with mTLS are protected. CISA kept the KEV listing. Shadowserver detected backdoors in production. Defused observed attacks without prior fingerprinting. The evidence converges: if you have Ivanti Sentry exposed to the internet, patch immediately.
At Tech86, we maintain that the response to critical vulnerabilities in perimeter appliances cannot depend on vendor confirmation. Asset inventory, immediate patch application, and attack surface restriction are controls that work regardless of what the vendor claims. When the product is a gateway and the CVSS is 10.0, every hour without a patch is an hour of real exposure.
