A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network.
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HIvanti Standalone Sentry
APPIvanti< 9.19.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Related vulnerabilities
CVE-2026-10520CRITICAL10.0⚠ KEVPL ✓ten sam produkt
RCE poprzez OS Command Injection w Ivanti Sentry (nieuwierzytelniony dostęp root)
CVE-2026-10523CRITICAL9.9PL ✓ten sam produkt
Authentication Bypass w Ivanti Sentry — tworzenie kont admina bez uwierzytelnienia
CVE-2024-8540HIGH8.8ten sam produkt
Insecure permissions in Ivanti Sentry before versions 9.20.2 and 10.0.2 or 10.1.0 allow a local authenticated ...
CVE-2026-1281CRITICAL9.8⚠ KEVPL ✓ten sam vendor
Krytyczny code injection w Ivanti Endpoint Manager Mobile (RCE bez uwierzytelnienia)
CVE-2026-1340CRITICAL9.8⚠ KEVPL ✓ten sam vendor
Code injection w Ivanti EPMM umożliwiający nieuwierzytelniony RCE