releases.shpreview

Ivanti Sentry CVE-2026-10520 pre-auth command injection blocked

1 fixThis release1 fixBug fixesAI-tallied from the release notes

This week's release introduces new managed protection to address a critical pre-authentication OS command injection vulnerability in Ivanti Sentry (CVE-2026-10520).

Key Findings

  • CVE-2026-10520: An OS command injection vulnerability in Ivanti Sentry allows remote, unauthenticated attackers to execute arbitrary system commands with root privileges. The flaw stems from improper sanitization of input strings parsed during internal configuration handling.

Ruleset

Rule ID

Legacy Rule ID

Description

Previous Action

New Action

Comments

Cloudflare Managed Ruleset

500a90789f874345b60b0de7242fdf83

N/A

Ivanti Sentry - Command Injection - CVE:CVE-2026-10520

Log

Block

This is a new detection.

Fetched June 23, 2026