Ivanti Sentry CVE-2026-10520 pre-auth command injection blocked
1 fixThis release1 fixBug fixesAI-tallied from the release notes
This week's release introduces new managed protection to address a critical pre-authentication OS command injection vulnerability in Ivanti Sentry (CVE-2026-10520).
Key Findings
- CVE-2026-10520: An OS command injection vulnerability in Ivanti Sentry allows remote, unauthenticated attackers to execute arbitrary system commands with root privileges. The flaw stems from improper sanitization of input strings parsed during internal configuration handling.
Ruleset
Rule ID
Legacy Rule ID
Description
Previous Action
New Action
Comments
Cloudflare Managed Ruleset
500a90789f874345b60b0de7242fdf83
N/A
Ivanti Sentry - Command Injection - CVE:CVE-2026-10520
Log
Block
This is a new detection.
Fetched June 23, 2026
