{"vulnerability": "cve-2026-10520", "sightings": [{"uuid": "48072de8-4a82-4199-a97e-557345b292c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://cyber.gc.ca/en/alerts-advisories/ivanti-security-advisory-av26-567", "content": "", "creation_timestamp": "2026-06-09T08:30:20.000000Z"}, {"uuid": "b8d465bc-8224-4b04-b2dd-6c67a8b2665c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://bsky.app/profile/infosecbot.bsky.social/post/3mnvjntpmiv2t", "content": "We're back - analyzing CVE-2026-10520, a Pre-Auth RCE in Ivanti's confusingly named Sentry product.\n\nEnjoy!\nhttps://t.co/efAfOc56OK\n\n\u2014 from @watchtowrcyber (https://x.com/watchtowrcyber/status/2064511364375179457)", "creation_timestamp": "2026-06-10T01:10:10.267254Z"}, {"uuid": "baac9cc6-b477-47a9-bd14-ada8290c47e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://bsky.app/profile/r-netsec.bsky.social/post/3mnvkhko6hr26", "content": "More Evidence That Words Don't Mean What We Thought They Meant (Ivanti Sentry Pre-Auth OS Command Injection CVE-2026-10520) - watchTowr Labs", "creation_timestamp": "2026-06-10T01:24:32.755113Z"}, {"uuid": "7f1f1d23-9138-40cc-a87d-536b38697a34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-10520.yaml", "content": "", "creation_timestamp": "2026-06-10T02:16:48.000000Z"}, {"uuid": "3402cef9-aa51-41ec-aad2-3ec5d225e0f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/536dbd2e-9793-4c4b-bc54-a21fd7e60e65", "content": "", "creation_timestamp": "2026-06-10T04:44:07.374229Z"}, {"uuid": "c1463f51-babd-46eb-825e-91d973ae6cc1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-10520", "type": "published-proof-of-concept", "source": "https://labs.watchtowr.com/more-evidence-that-words-dont-mean-what-we-thought-they-meant-ivanti-sentry-pre-auth-os-command-injection-cve-2026-10520", "content": "", "creation_timestamp": "2026-06-09T20:34:10.439000Z"}, {"uuid": "9171c618-3d38-4954-aaa1-1fab7e064ec8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://bsky.app/profile/boredchilada.bsky.social/post/3mnvu3fz7q22z", "content": "~Watchtowr~\nCVE-2026-10520 is a critical pre-auth OS command injection in Ivanti Sentry allowing root-level RCE.\n-\nIOCs: (None identified)\n-\n#CVE202610520 #Ivanti #ThreatIntel", "creation_timestamp": "2026-06-10T04:16:42.475711Z"}, {"uuid": "246162fb-e716-4d11-b5e1-07fe0f961841", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://bsky.app/profile/r-netsec-bot.bsky.social/post/3mnviyh7lkg2h", "content": "More Evidence That Words Don't Mean What We Thought They Meant (Ivanti Sentry Pre-Auth OS Command Injection CVE-2026-10520) - watchTowr Labs", "creation_timestamp": "2026-06-10T00:58:12.331378Z"}, {"uuid": "116fc7a3-9a7c-4b5a-96aa-4b6ca598e084", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mnw4exs6dr2l", "content": "Ivanti patched two critical Sentry flaws, including CVE-2026-10520, a max-severity command injection that could allow root code execution, and CVE-2026-10523, an auth bypass for rogue admin access. #Ivanti #Sentry #CVE202610520", "creation_timestamp": "2026-06-10T06:45:13.832223Z"}, {"uuid": "fe1da3ee-3bdd-4096-aead-e7d9917b7a00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-10520", "type": "seen", "source": "https://infosec.exchange/users/obivan/statuses/116724727198447267", "content": "More Evidence That Words Don't Mean What We Thought They Meant (Ivanti Sentry Pre-Auth OS Command Injection CVE-2026-10520) https://labs.watchtowr.com/more-evidence-that-words-dont-mean-what-we-thought-they-meant-ivanti-sentry-pre-auth-os-command-injection-cve-2026-10520/", "creation_timestamp": "2026-06-10T07:53:11.200323Z"}, {"uuid": "dc21a26b-dca6-4422-adeb-3212b9c9c150", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-10520", "type": "seen", "source": "https://bsky.app/profile/obivan.infosec.exchange.ap.brid.gy/post/3mnwaeizy7e42", "content": "More Evidence That Words Don't Mean What We Thought They Meant (Ivanti Sentry Pre-Auth OS Command Injection CVE-2026-10520) https://labs.watchtowr.com/more-evidence-that-words-dont-mean-what-we-thought-they-meant-ivanti-sentry-pre-auth-os-command-injection-cve-2026-10520/", "creation_timestamp": "2026-06-10T07:58:23.409158Z"}, {"uuid": "7123ec77-73bc-4895-99cd-a75acf5a90ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://bsky.app/profile/rxerium.com/post/3mnwjorn6h22a", "content": "\ud83d\udea8 CVE-2026-10520, a critical CVSS 10 OS Command Injection vuln in Ivanti Sentry is now under active exploitation as reported by Defused \n\nScan infrastructure to see if you're vulnerable:\ngithub.com/rxerium/rxer...\n\nPatches are available as per Ivanti's advisory:\nhub.ivanti.com/s/article/Se...", "creation_timestamp": "2026-06-10T10:43:22.594330Z"}, {"uuid": "a93e6f38-7897-404f-967b-6b93ae49feb1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://bsky.app/profile/tyden.bsky.social/post/3mnwcus6ljq2o", "content": "Spole\u010dnost Ivanti vydala opravy pro dv\u011b kritick\u00e9 zranitelnosti ve sv\u00e9m \u0159e\u0161en\u00ed Sentry, v\u010detn\u011b maxim\u00e1ln\u011b z\u00e1va\u017en\u00e9 chyby CVE-2026-10520", "creation_timestamp": "2026-06-10T08:41:27.123793Z"}, {"uuid": "71c1021b-de07-4b24-88a1-178237c13b28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2026-10520", "type": "published-proof-of-concept", "source": "https://labs.watchtowr.com/more-evidence-that-words-dont-mean-what-we-thought-they-meant-ivanti-sentry-pre-auth-os-command-injection-cve-2026-10520/", "content": "", "creation_timestamp": "2026-06-10T09:08:29.979690Z"}, {"uuid": "779a6ebf-7ddb-4ff5-ab23-7436d33c3068", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://www.acn.gov.it/portale/w/ivanti-june-security-update-1", "content": "Rilasciati gli aggiornamenti di sicurezza di giugno che risolvono 4 nuove vulnerabilit\u00e0, di cui due con gravit\u00e0 \u201ccritica\u201d e due con gravit\u00e0 \u201calta\u201d, in diversi prodotti Ivanti. Tra queste, si evidenzia la CVE-2026-10520, per la quale risulta disponibile un Proof of Concept (PoC) in rete.", "creation_timestamp": "2026-06-10T07:18:20.000000Z"}, {"uuid": "bff82bdf-e39d-4d9e-825f-76b857994304", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116725277445928014", "content": "Some increased actor activities are shown targeting Ivanti Sentry (CVE-2026-10520) https://vuldb.com/vuln/369559/cti", "creation_timestamp": "2026-06-10T10:13:08.354004Z"}, {"uuid": "7ac053f9-92fa-4d8c-b731-ed01aee65f00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-10520", "type": "seen", "source": "https://bsky.app/profile/aegisbot.bsky.social/post/3mnwkyeuu2326", "content": "\ud83d\udea8 CISA KEV [CVSS 10.0 \u00b7 CRITICAL]\nCVE-2026-10520, CVE-2026-10523 - Multiple critical vulnerabilities affecting Ivanti Sentry\n\nhttps://www.rapid7.com/blog/post/etr-cve-2026-10520-cve-2026-10523-multiple-critical-vulnerabilities-affecting-ivanti-sentry\n\n#CISA #KEV #PatchNow", "creation_timestamp": "2026-06-10T11:06:36.593406Z"}, {"uuid": "10ed1524-952c-4460-b36b-d5df5d1a05ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://bsky.app/profile/boredchilada.bsky.social/post/3mnwpws6bag2b", "content": "~Certeu~\nIvanti Sentry vulnerabilities (CVE-2026-10520, CVE-2026-10523) allow unauthenticated RCE and admin access.\n-\nIOCs: CVE-2026-10520, CVE-2026-10523\n-\n#CVE202610520 #Ivanti #ThreatIntel", "creation_timestamp": "2026-06-10T12:35:12.401656Z"}, {"uuid": "d5c4f48b-bf1d-459a-8857-d57b2b11e2cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://bsky.app/profile/hapsis.bsky.social/post/3mnwxlwyxbs2t", "content": "Critical Ivanti Sentry flaw allows root-level remote code execution (CVE-2026-10520)\n\nwww.helpnetsecurity.com/2026/06/10/i...\n\n#Kyberturvallisuus #LaajaVaikutus #Haavoittuvuus", "creation_timestamp": "2026-06-10T14:54:27.003821Z"}, {"uuid": "8d463f2d-4c3a-4718-ab47-5384b5ab30c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://bsky.app/profile/helpnetsecurity.com/post/3mnwrwkfq5k2z", "content": "Critical Ivanti Sentry flaw allows root-level remote code execution (CVE-2026-10520)\n\n\ud83d\udcd6 Read more: www.helpnetsecurity.com/2026/06/10/i...\n\n#cybersecurity #cyebrsecuritynews #enterprise #gateway #vulnerability", "creation_timestamp": "2026-06-10T13:10:56.733986Z"}, {"uuid": "942363ad-6c73-464b-bfcd-f238bdd74b08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mnws6kyyvj2e", "content": "\ud83d\udd17 CVE : CVE-2026-6973, CVE-2026-10520, CVE-2026-10520, CVE-2026-10523, CVE-2026-10727, CVE-2026-6973", "creation_timestamp": "2026-06-10T13:15:20.779819Z"}, {"uuid": "2370a764-6863-41ea-acfc-d76be04bce45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://www.cert.se/2026/06/patchtisdag-juni-2026-samlad-information-om-manadens-sakerhetsuppdateringar.html", "content": "", "creation_timestamp": "2026-06-10T05:00:00.000000Z"}, {"uuid": "d4286a2a-0ddf-4c9c-b78b-a7076bcf4163", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://bsky.app/profile/blackhatnews.tokyo/post/3mnwsmcx3rw2b", "content": "Ivanti Sentry\u306b\u6df1\u523b\u306a\u8106\u5f31\u6027\u3001root\u6a29\u9650\u3067\u306e\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c\u304c\u53ef\u80fd\u306b\uff08CVE-2026-10520\uff09\n\nIvanti\u306f\u3001Ivanti Sentry\u306b\u5b58\u5728\u3059\u308b2\u4ef6\u306e\u91cd\u5927\u306a\u8106\u5f31\u6027\uff08CVE-2026-10520\u304a\u3088\u3073CVE-2026-10523\uff09\u306b\u30d1\u30c3\u30c1\u3092\u9069\u7528\u3057\u3001\u9867\u5ba2\u306b\u5bfe\u3057\u3066\u76f4\u3061\u306b\u4fee\u6b63\u3092\u5b9f\u65bd\u3059\u308b\u3088\u3046\u547c\u3073\u304b\u3051\u3066\u3044\u307e\u3059\u3002 \u3053\u308c\u3089\u306e\u8106\u5f31\u6027\u304c\u5b9f\u969b\u306b\u60aa\u7528\u3055\u308c\u305f\u3068\u3044\u3046\u60c5\u5831\u306f\u73fe\u6642\u70b9\u3067\u306f\u78ba\u8a8d\u3055\u308c\u3066\u3044\u307e\u305b\u3093\u304c\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u7814", "creation_timestamp": "2026-06-10T13:23:02.286130Z"}, {"uuid": "4febac55-fcc5-44af-9c5b-897d7e4af9e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://bsky.app/profile/rapid7.com/post/3mnwstvzuss2g", "content": "\ud83d\udea8 On June 9, 2026, #Ivanti published a security advisory for 2 critical vulnerabilities affecting Ivanti Sentry (FKA MobileIron Sentry).\n\nCVE-2026-10520 (CVSS 10.0) is an OS command injection vuln, and CVE-2026-10523 (CVSS 9.9) is an authentication bypass vuln.\n\nRead on: r-7.co/4arpQHd", "creation_timestamp": "2026-06-10T13:27:17.303229Z"}, {"uuid": "979a20be-8043-4fb2-a81d-ba858bfad9a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://www.ncsc.nl/alerts/verhoogde-kans-op-misbruik-van-ivanti-sentry-kwetsbaarheden", "content": "", "creation_timestamp": "2026-06-10T04:00:31.000000Z"}, {"uuid": "c2247571-ac4d-4341-bcbd-09fe819f5c8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://mastodon.social/ap/users/115426718704364579/statuses/116726949500340282", "content": "\ud83d\udcf0 Ivanti Patches Critical Sentry Flaws Allowing Root-Level RCE\n\u26a0\ufe0f CRITICAL: Ivanti patches two severe flaws in Sentry, including a root-level unauthenticated RCE (CVE-2026-10520). Technical details are public, exploitation risk is high. Patch immediately! #Ivanti #Vulnerability #RCE #CyberSecurity\n\ud83c\udf10 cyber[.]netsecops[.]io\n\ud83d\udd17 https://cyber.netsecops.io/articles/ivanti-sentry-critical-vulnerabilities-allow-root-rce/?utm_source=mastodon&utm_medium=social&utm_campaign=daily", "creation_timestamp": "2026-06-10T17:18:54.810607Z"}, {"uuid": "4d913a31-854e-4532-be61-e0e5bc10b626", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://bsky.app/profile/netsecio.bsky.social/post/3mnx7sbkzl52g", "content": "\u26a0\ufe0f CRITICAL: Ivanti patches two severe flaws in Sentry, including a root-level unauthenticated RCE (CVE-2026-10520). Technical details are public, exploitation risk is high. Patch immediately! #Ivanti #Vulnerability #RCE #CyberSecurity\n\n\ud83c\udf10 cyber[.]netsecops[.]io", "creation_timestamp": "2026-06-10T17:19:00.939712Z"}, {"uuid": "4f652402-bc24-45ff-b18f-1fb287bf06b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-10520", "type": "seen", "source": "https://bsky.app/profile/sambowne.infosec.exchange.ap.brid.gy/post/3mnxpsjhllms2", "content": "More Evidence That Words Don't Mean What We Thought They Meant (Ivanti Sentry Pre-Auth OS Command Injection CVE-2026-10520) https://labs.watchtowr.com/more-evidence-that-words-dont-mean-what-we-thought-they-meant-ivanti-sentry-pre-auth-os-command-injection-cve-2026-10520/", "creation_timestamp": "2026-06-10T22:05:35.306903Z"}, {"uuid": "10c1fb26-f886-451f-b3b0-1a29d6087f97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://bsky.app/profile/infosecbot.bsky.social/post/3mnxaehkw7l25", "content": "CVE-2026-10520, a critical (CVSS 10.0) OS Command Injection vulnerability\u00a0in Ivanti\u00a0Sentry is now under active exploitation as reported by \n@DefusedCyber\n \n\nScan infrastructure to see if you're vulnerable:\u2026\n\n\ud83d\udd01 RT @rxerium | reposted by @silascutler\nhttps://x.com/rxerium/status/2064659435956375874", "creation_timestamp": "2026-06-10T17:29:11.433034Z"}, {"uuid": "1f281d83-4c5e-4dda-b651-4f4eda8566dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://bsky.app/profile/r-blueteamsec.bsky.social/post/3mnxbrsgyvi2d", "content": "More Evidence That Words Don't Mean What We Thought They Meant (Ivanti Sentry Pre-Auth OS Command Injection CVE-2026-10520) - watchTowr Labs", "creation_timestamp": "2026-06-10T17:54:55.241921Z"}, {"uuid": "f7a2966a-613e-4603-8f01-7d1598e47e4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://bsky.app/profile/shadowserver.bsky.social/post/3mnxjknfsrc2k", "content": "We are observing a large amount of Ivanti Sentry CVE-2026-10520 exploitation attempts based on the public PoC today. We see 19 vulnerable instances in our own scans, with at least 2 backdoored (thanks to Saudi NCA for the tip!). However, all remaining likely compromised too.", "creation_timestamp": "2026-06-10T20:13:45.663938Z"}, {"uuid": "2e6896c4-a16c-4294-b13b-5b9e832f3ac3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://bsky.app/profile/shadowserver.bsky.social/post/3mnxjkqanyk2k", "content": "We are observing a large amount of Ivanti Sentry CVE-2026-10520 exploitation attempts based on the public PoC today. We see 19 vulnerable instances in our own scans, with at least 2 backdoored (thanks to Saudi NCA for the tip!). However, all remaining likely compromised too.", "creation_timestamp": "2026-06-10T20:13:46.692774Z"}, {"uuid": "ff6fdf4d-43e9-46ee-9283-7c9948d4a3aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://bsky.app/profile/shadowserver.bsky.social/post/3mnxjkqapx22k", "content": "We are observing a large amount of Ivanti Sentry CVE-2026-10520 exploitation attempts based on the public PoC today. We see 19 vulnerable instances in our own scans, with at least 2 backdoored (thanks to Saudi NCA for the tip!). However, all remaining likely compromised too.", "creation_timestamp": "2026-06-10T20:13:48.149232Z"}, {"uuid": "5c408299-2681-489c-a46f-610387aff0d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://bsky.app/profile/securityrss.bsky.social/post/3mnxkrgqk6z2r", "content": "On June 9, 2026, Ivanti disclosed two critical vulnerabilities in Ivanti Sentry: CVE-2026-10520 (OS command injection, CVSS 10.0) and CVE-2026-10523 (authentication bypass, CVSS 9.9). Both allow remote unauthenticated attackers to execute commands and gain administrative access.", "creation_timestamp": "2026-06-10T20:35:23.850021Z"}, {"uuid": "a86f885a-9226-4933-a56a-0bbd4659542d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mny6npocp42d", "content": "Top 3 CVE for last 7 days:\nCVE-2025-10263: 24 interactions\nCVE-2026-11645: 23 interactions\nCVE-2015-5119: 20 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2025-10263: 22 interactions\nCVE-2026-10520: 17 interactions\nCVE-2026-52884: 7 interactions\n", "creation_timestamp": "2026-06-11T02:31:14.400232Z"}, {"uuid": "07f82b1b-c71d-4b24-9003-7a9784e4eb3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://bsky.app/profile/kitafox.bsky.social/post/3mnxyiljcqp2h", "content": "Ivanti Sentry\u306e\u91cd\u5927\u306a\u8106\u5f31\u6027\u306b\u3088\u308a\u3001\u30eb\u30fc\u30c8\u6a29\u9650\u3067\u306e\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c\u304c\u53ef\u80fd\u306b\u306a\u308b\uff08CVE-2026-10520\uff09 \n\nCritical Ivanti Sentry flaw allows root-level remote code execution (CVE-2026-10520)  #HelpNetSecurity (Jun 10)\n\nwww.helpnetsecurity.com/2026/06/10/i...", "creation_timestamp": "2026-06-11T00:40:58.913952Z"}, {"uuid": "03216cd4-cdaa-4540-9762-013317660289", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://advisories.ncsc.nl/advisory?id=NCSC-2026-0180", "content": "Ivanti heeft twee kwetsbaarheden verholpen in Sentry. De kwetsbaarheid met kenmerk CVE-2026-10520, waarvan Ivanti een CVSS-score van 10 heeft toegekend, kan een ongeauthenticeerde kwaadwillende op afstand in staat stellen willekeurige code uitvoeren met root rechten. De kwetsbaarheid met kenmerk CVE-2026-10523, die Ivanti een CVSS score van 9.9, heeft gegeven, kan door een ongeauthenticeerde kwaadwillende op afstand worden misbruikt om administratieve accounts aan te maken.\n\nMisbruik van deze kwetsbaarheden is mogelijk, maar de randvoorwaarden die nodig zijn om deze kwetsbaarheden op afstand uit te buiten, vereisen dat een managementpoort aan het internet is ontsloten. Deze randvoorwaarden zijn niet aanwezig in standaardimplementaties van Ivanti Sentry.\n\nDe kwetsbaarheden hebben Ivanti bereikt via responsible disclosure. Momenteel vindt er, voor zover bekend, geen actief misbruik van deze kwetsbaarheden plaats en is er geen publieke PoC code beschikbaar. Het NCSC verwacht echter dat dit op korte termijn zal veranderen.", "creation_timestamp": "2026-06-11T09:11:03.000000Z"}, {"uuid": "32db3ca2-9ef2-4128-b4c5-029246d224b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://bsky.app/profile/thedailytechfeed.com/post/3mnzalay2552d", "content": "Ivanti Sentry's CVE-2026-10520 is under active exploitation post-PoC release. Patch now to prevent unauthorized access. #CyberSecurity #Ivanti #Vulnerability #PatchNow #InfoSec #DataProtection thedailytechfeed.com/ivanti-sentr...", "creation_timestamp": "2026-06-11T12:38:18.776297Z"}, {"uuid": "01546d26-08d5-4aee-905a-ad414aac6b43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mnymtuoody2r", "content": "Active attacks target CVE-2026-10520, a max-severity Ivanti Sentry command injection flaw that can grant root code execution on exposed gateways. Fixes are available. #Ivanti #Sentry #CVE202610520", "creation_timestamp": "2026-06-11T06:45:12.609139Z"}, {"uuid": "bae397c1-3de6-4afb-87f9-caa6ee15cfb0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://bsky.app/profile/pixelsandpulse.bsky.social/post/3mnyonvr6ai2v", "content": "Ivanti Sentry users: Your max-severity vulnerability (CVE-2026-10520) is being actively exploited. Shadowserver confirmed widespread compromise just hours after patches were released. Don't wait\u2014patch immediately and assume your\u2026\n\nhttps://www.tpp.blog/1hdu31o\n\n#cybersecurity #ivanti #ivantisentry", "creation_timestamp": "2026-06-11T07:17:40.988577Z"}, {"uuid": "21a30937-e00c-412f-b500-d78c2509f3c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3mnz2pvprxk2h", "content": "Critical Ivanti Sentry flaw allows root-level remote code execution (CVE-2026-10520)\n\nIvanti has patched two critical vulnerabilities (CVE-2026-10520 and CVE-2026-10523) in Ivanti Sentry and has urged customers to implement the fix right away. Though the vulnerabilities are not kn\u2026\n#hackernews #news", "creation_timestamp": "2026-06-11T10:53:32.234399Z"}, {"uuid": "53716490-9d14-4a30-a166-d754d2fcad08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://bsky.app/profile/samilaiho.com/post/3mnzirh5ds22o", "content": "More Evidence That Words Don't Mean What We Thought They Meant (Ivanti Sentry\nPre-Auth OS Command Injection CVE-2026-10520)\nlabs.watchtowr.com/more-evidenc...", "creation_timestamp": "2026-06-11T15:04:59.125396Z"}, {"uuid": "c345fb6d-7d5e-4715-b9cb-431bf0904b63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-10520", "type": "seen", "source": "https://infosec.exchange/ap/users/115741367687413652/statuses/116731856878998907", "content": "Ivanti's latest perfect 10\u2014this time a preauth command injection\u2014has been confirmed exploited in the wild.\nhttps://discourse.ifin.network/t/cve-2026-10520-ivanti-sentry-preauth-command-injection-eitw/573/\n#ThreatIntel #ThreatIntelligence #IFIN", "creation_timestamp": "2026-06-11T14:47:27.370455Z"}, {"uuid": "a0efabcb-489e-4272-9102-f9a0bfb688cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mnzuz5m6cy2e", "content": "CVE-2026-10520 Exploited: Ivanti Sentry Gateways Compromised Shortly After Patch Release", "creation_timestamp": "2026-06-11T18:43:59.663949Z"}, {"uuid": "3f1ac1fd-b2ba-44ae-b3e3-831643967d84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://bsky.app/profile/hapsis.bsky.social/post/3mnzvw4snv22r", "content": "CVE-2026-10520 Exploited: Ivanti Sentry Gateways Compromised Shortly After Patch Release\n\nsecurityaffairs.com/193530/uncat...\n\n#Cybersecurity #LargeScaleImpact #Vulnerability", "creation_timestamp": "2026-06-11T19:00:12.488133Z"}, {"uuid": "e5d3dac4-6b2a-4afa-96d4-1ba9933403d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://bsky.app/profile/cvesentinel.bsky.social/post/3mnzwnn7thm2d", "content": "\ud83d\uded1 CVE-2026-10520\nIvanti Sentry\nCVSS 10.0 / EPSS 3% / KEV: No\nTL;DR: An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7\u2026\nhttps://cvesentinel.com/report/CVE-2026-10520?utm_source=bluesky&utm_medium=social&utm_campaign=cvesentinel\n#infosec #CVE #vulnerability", "creation_timestamp": "2026-06-11T19:13:20.494587Z"}, {"uuid": "5476bcb0-15ea-4fc5-bc3e-cf06af6f55a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://bsky.app/profile/ainewsdaily.news/post/3mo27ztpjd32d", "content": "\ud83d\udcf0 Ivanti Sentry pre-auth RCE (CVE-2026-10520) \u2013 CVSS 10.0, public PoC, CISA KEV\n\n#Tech #Technology #News", "creation_timestamp": "2026-06-11T22:01:13.945291Z"}, {"uuid": "930ab6cf-35d7-4228-bf4a-a2562f5343aa", "vulnerability_lookup_origin": "405284c2-e461-4670-8979-7fd2c9755a60", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/b07dd423-1f0f-42fa-90f3-a527a7ecb94a", "content": "", "creation_timestamp": "2026-06-11T20:00:02.704031Z"}, {"uuid": "49ac490d-5314-4bb6-a46d-903bb69a89c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://bsky.app/profile/undercodenews.bsky.social/post/3mnzzow2shf2z", "content": "Ivanti Under Siege: Critical CVE-2026-10520 Exploited Within Hours as Attackers Race Ahead of Defenders +\u00a0Video\n\nA Dangerous Reality Emerges for Ivanti Customers The cybersecurity world witnessed yet another alarming reminder of how quickly threat actors can weaponize newly disclosed\u2026", "creation_timestamp": "2026-06-11T20:07:44.912364Z"}, {"uuid": "d176458c-1c0a-4f38-94c7-8b84dee5fcd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://bsky.app/profile/hn100.bsky.social/post/3mo23thsi4k2r", "content": "Ivanti Sentry pre-auth RCE (CVE-2026-10520) \u2013 CVSS 10.0, public PoC, CISA KEV\n\nDiscussion", "creation_timestamp": "2026-06-11T20:46:06.176484Z"}, {"uuid": "c297d8c6-7abd-44f9-b985-ff7eaad3a69b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://bsky.app/profile/hnws.bsky.social/post/3mo23tkdjte2d", "content": "Ivanti Sentry pre-auth RCE (CVE-2026-10520) \u2013 CVSS 10.0, public PoC, CISA KEV\ncomments \u00b7 posted on 2026.06.11 at 15:38:42 (c=0, p=4)", "creation_timestamp": "2026-06-11T20:46:08.021408Z"}, {"uuid": "b5d22438-2c08-40dc-b6c9-cbab26bc6216", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://bsky.app/profile/news.karthihegde.dev/post/3mo23vdm4gn2m", "content": "Ivanti Sentry pre-auth RCE (CVE-2026-10520) \u2013 CVSS 10.0, public PoC, CISA KEV\nDiscussion | hackernews | Author: slvnx", "creation_timestamp": "2026-06-11T20:47:08.779453Z"}, {"uuid": "3dd0ca4e-96b4-4858-b080-c202a54a11ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://bsky.app/profile/secdb.bsky.social/post/3mo24mw6gwu2a", "content": "\ud83d\udea8 CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0611)\n\n\u26a0\ufe0f CVE-2026-10520 - Ivanti Sentry OS Command Injection Vulnerability\n\n\n#ZEN #SecDB #InfoSec #CISA_KEV", "creation_timestamp": "2026-06-11T21:00:18.739921Z"}, {"uuid": "e88636e6-27a0-4684-8cf7-0152c2777f5f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://bsky.app/profile/kitafox.bsky.social/post/3mo2jiyzhah2e", "content": "CISA\u304c\u65e2\u77e5\u306e\u60aa\u7528\u3055\u308c\u305f\u8106\u5f31\u6027\u30921\u4ef6\u30ab\u30bf\u30ed\u30b0\u306b\u8ffd\u52a0  \n\nCISA Adds One Known Exploited Vulnerability to Catalog  #CISA (Jun 11)\n\nCVE-2026-10520 Ivanti Sentry OS \u30b3\u30de\u30f3\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027 \n\nwww.cisa.gov/news-events/...", "creation_timestamp": "2026-06-12T00:50:46.068787Z"}, {"uuid": "f222bb7e-bfae-40ff-9112-6fc390eb3429", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://bsky.app/profile/kitafox.bsky.social/post/3mo2js7koln24", "content": "CVE-2026-10520\u304c\u60aa\u7528\u3055\u308c\u307e\u3057\u305f\uff1aIvanti Sentry\u30b2\u30fc\u30c8\u30a6\u30a7\u30a4\u304c\u30d1\u30c3\u30c1\u30ea\u30ea\u30fc\u30b9\u76f4\u5f8c\u306b\u4fb5\u5bb3\u3055\u308c\u307e\u3057\u305f \n\nCVE-2026-10520 Exploited: Ivanti Sentry Gateways Compromised Shortly After Patch Release  #SecurityAffairs (Jun 11)\n\nsecurityaffairs.com/193530/uncat...", "creation_timestamp": "2026-06-12T00:55:55.149040Z"}, {"uuid": "2523fe16-214b-4c92-8c2d-7dcf140f08b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2026-10520", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/79a30108-df05-4aba-b6ba-f5007cb6cbf0", "content": "", "creation_timestamp": "2026-06-12T06:55:17.875392Z"}, {"uuid": "5d4c8528-4c33-490d-8946-115666871472", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://bsky.app/profile/cyberlensai.bsky.social/post/3mo2v2mwuvf2i", "content": "CVE watch: CVE-2026-10520: Ivanti Sentry - Ivanti Sentry OS Command Injection...\n\nCheck exposure, dependency, and agent/tool access before panic-patching. Inventory beats vibes.\n\nSource: cisa.gov\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-10520", "creation_timestamp": "2026-06-12T04:17:28.600093Z"}, {"uuid": "2d9a4723-b73c-4943-8455-0b85e42a9235", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-10520", "type": "seen", "source": "https://bsky.app/profile/ahmandonk.bsky.social/post/3mo3f3ho3jj2p", "content": "\ud83d\udcf0 CISA Perintahkan Agen Federal Tambal Celah Keamanan Kritis Ivanti Sentry dalam 3 Hari\n\n\ud83d\udc49 Baca artikel lengkap di sini: https://ahmandonk.com/2026/06/12/cisa-perintahkan-tambal-ivanti-sentry-hari-minggu/\n\n#bod26-04 #cisa #cve-2026-10520 #gadget #hacker #hardware #ivantiSentry #keamananSiber #", "creation_timestamp": "2026-06-12T09:04:16.372602Z"}, {"uuid": "973c9182-f0ee-4a10-ad10-1ebed224c945", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://bsky.app/profile/pixelsandpulse.bsky.social/post/3mo3fp5fk5n26", "content": "CISA just issued a Binding Operational Directive: patch the actively exploited Ivanti Sentry flaw (CVE-2026-10520) by Sunday. Attackers are already leveraging this critical command injection to gain root access. Is your network safe?\n\nhttps://www.tpp.blog/1crtyng\n\n#cybersecurity #cisa #ivanti", "creation_timestamp": "2026-06-12T09:15:17.041737Z"}, {"uuid": "f3ba935a-3749-44ae-b7ea-53c85ee1cafe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://bsky.app/profile/blackhatnews.tokyo/post/3mo3huapyes2y", "content": "Ivanti Sentry\u3001\u30cf\u30cb\u30fc\u30dd\u30c3\u30c8\u3078\u306e\u60aa\u7528\u8a66\u884c\u3092\u78ba\u8a8d\n\n\u7c73\u30b5\u30a4\u30d0\u30fc\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30fb\u30a4\u30f3\u30d5\u30e9\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5e81\uff08CISA\uff09\u306f\u3001\u6700\u8fd1\u30d1\u30c3\u30c1\u304c\u9069\u7528\u3055\u308c\u305fIvanti Sentry\u306e\u8106\u5f31\u6027\u3092\u60aa\u7528\u6e08\u307f\u3068\u3057\u3066\u6307\u6458\u3057\u307e\u3057\u305f\u304c\u3001Ivanti\u306f\u305d\u306e\u6d3b\u52d5\u304c\u30cf\u30cb\u30fc\u30dd\u30c3\u30c8\u4e0a\u3067\u306e\u307f\u89b3\u6e2c\u3055\u308c\u305f\u3082\u306e\u3060\u3068\u8aac\u660e\u3057\u3066\u3044\u307e\u3059\u3002 CVE-2026-10520\uff08CVSS\u30b9\u30b3\u30a210/10\uff09\u3068\u3057\u3066\u8ffd\u8de1\u3055\u308c\u3066\u3044\u308b\u3053\u306e\u8106\u5f31\u6027\u306f", "creation_timestamp": "2026-06-12T09:53:55.725897Z"}, {"uuid": "6fbc3f19-85bd-462f-b0fb-cba401c94037", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://bsky.app/profile/infosecbriefly.bsky.social/post/3mo3hvyaolh2b", "content": "CVE-2026-10520 is a critical Ivanti Sentry OS command injection flaw that CISA added to KEV, while Ivanti says observed activity was limited to honeypots.\n", "creation_timestamp": "2026-06-12T09:54:54.026076Z"}, {"uuid": "a63c7235-0bd2-43dc-9bc8-f4e5d819a1ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-06-11)", "content": "", "creation_timestamp": "2026-06-11T00:00:00.000000Z"}, {"uuid": "9618ba14-bca3-40c5-aa7c-e03e064d6f03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116736670151320147", "content": "\u26a0\ufe0f CRITICAL: Ivanti Sentry OS command injection (CVE-2026-10520) enables remote root execution via exposed mgmt port 8443. Only honeypot hits so far \u2014 patch versions 10.5.2, 10.6.2, 10.7.1+ ASAP & restrict access! https://radar.offseq.com/threat/ivanti-sentry-exploitation-attempts-hitting-honeyp-ce849175 #OffSeq #Ivanti #Vuln #Infosec", "creation_timestamp": "2026-06-12T10:30:28.225233Z"}, {"uuid": "0f731000-d685-4802-a0fb-b4b67ca61004", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mo3i7isr2d26", "content": "CISA ordered federal agencies to patch the actively exploited Ivanti Sentry flaw CVE-2026-10520 within 3 days. Shadowserver reported widespread attacks against unpatched internet-exposed gateways. #IvantiSentry #CISA #Shadowserver", "creation_timestamp": "2026-06-12T10:00:13.904318Z"}, {"uuid": "177105ad-6b31-4fe1-83cd-14212d360a04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mo3vmoic7o2d", "content": "CISA added CVE-2026-10520 in Ivanti Sentry to its KEV list after signs of exploitation. Ivanti says activity was seen on honeypots. The flaw is a critical unauthenticated OS command injection bug. #CISA #IvantiSentry #KEV", "creation_timestamp": "2026-06-12T14:00:14.261470Z"}, {"uuid": "47f134f8-d401-4f6e-9be9-2f4fdec8576b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10520", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mo3vyysdje2c", "content": "\ud83d\udccc CVE-2026-10520 - An OS Command Injection vulnerability\u00a0in Ivanti\u00a0Sentry before\u00a0the\u00a0R10.5.2, R10.6.2 and R10.7.1\u00a0versions\u00a0allows\u00a0a remote unauthenticated user to achiev... https://www.cyberhub.blog/cves/CVE-2026-10520", "creation_timestamp": "2026-06-12T14:07:07.484358Z"}]}