Max-severity Ivanti Sentry flaw exploited after patch

Attackers are now using a maximum-severity Ivanti Sentry vulnerability, tracked as CVE-2026-10520, to gain root privileges on Internet-exposed gateways. Ivanti patched the issue on Tuesday, but Shadowserver reports most exposed gateways have already been backd
For anyone still running an Internet-facing Ivanti Sentry, the timing is grim. Ivanti patched a maximum-severity flaw on Tuesday, yet the next day a major Internet security watchdog warned that attackers had already moved from proof to persistence.
The target is Ivanti Sentry—formerly known as MobileIron Sentry—a security gateway appliance that sits between back-end corporate systems and remote mobile devices. The vulnerability, tracked as CVE-2026-10520, is an OS command injection weakness. Ivanti said it released Sentry versions R10.5.2, R10.6.2, and R10.7.1 to address it.
Ivanti had previously said it had no evidence of in-the-wild exploitation at the time. That message didn’t last through the next day.
Shadowserver reported that attackers had already backdoored most of the Sentry gateways exposed online. The nonprofit watchdog also cautioned that its scanning results are limited: it detects only a very limited number of exposed instances, and it added that its search engine being blocklisted could mean more gateways exist than its visibility suggests.
“We are observing a large amount of Ivanti Sentry CVE-2026-10520 exploitation attempts based on the public PoC today. We see 19 vulnerable instances in our own scans, with at least 2 backdoored (thanks to Saudi NCA for the tip!). However, all remaining likely compromised too,” Shadowserver warned.
Shadowserver added: “While our detection is on the lowish side due to multiple Ivanti Sentry instances not reachable in our scans (blocklisted?), if you have not patched now you are most likely compromised.”
Behind those lines is a hard operational problem for security teams: patching isn’t just about stopping new attempts. If gateways are already backdoored, then stopping the exploit doesn’t necessarily erase the intrusion.
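The two practical facts in the article that an administrator has to act on are the fixed release per branch (R10.5.2, R10.6.2, R10.7.1) and the point that a patch does not remove a backdoor that was planted before it was applied. The following triage helper is an added example, not Ivanti's or Shadowserver's code: it parses Sentry version strings, decides whether a host is at or above the fixed release for its branch, and assigns an incident-response priority. The inventory records, hostnames and the version-string format (`R10.x.y`) are constructed assumptions; branches with no fixed release named in the article are reported as unknown rather than guessed.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Fixed releases named in the advisory as quoted in the article, keyed by
# the 10.x branch they belong to. Nothing else is assumed about other branches.
FIXED_RELEASES: Dict[Tuple[int, int], Tuple[int, int, int]] = {
    (10, 5): (10, 5, 2),
    (10, 6): (10, 6, 2),
    (10, 7): (10, 7, 1),
}

# Assumed version-string format: optional leading "R", then major.minor.patch.
_VERSION_RE = re.compile(r"^R?(\d+)\.(\d+)\.(\d+)$")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn 'R10.6.1' (or '10.6.1') into a comparable (major, minor, patch) tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Sentry version string: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_patched(version: str) -> Optional[bool]:
    """True if the version is at or above the fixed release for its branch,
    False if below it, None if the article lists no fixed release for the branch."""
    v = parse_version(version)
    fixed = FIXED_RELEASES.get((v[0], v[1]))
    if fixed is None:
        return None
    return v >= fixed


@dataclass
class SentryHost:
    name: str
    version: str
    internet_exposed: bool


def triage(host: SentryHost) -> str:
    """Map a host's patch state and exposure to a response priority.

    The ordering encodes the article's point: an unpatched, Internet-facing
    gateway should be treated as compromised, and even a patched one still
    needs a persistence hunt because patching does not undo a prior backdoor.
    """
    patched = is_patched(host.version)
    if patched is None:
        return "unknown-branch: confirm the fixed release with the vendor; treat as unpatched"
    if not patched and host.internet_exposed:
        return "assume-compromised: isolate, preserve for forensics, patch, rebuild from known-good"
    if not patched:
        return "unpatched-internal: patch now, then hunt for persistence"
    if host.internet_exposed:
        return "patched-exposed: patch does not remove a backdoor; hunt for persistence"
    return "patched-internal: persistence hunt recommended, lower priority"


def triage_inventory(hosts: List[SentryHost]) -> Dict[str, str]:
    """Return {hostname: priority} for a whole inventory."""
    return {h.name: triage(h) for h in hosts}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    SentryHost("sentry-dmz-1.example.test", "R10.6.1", internet_exposed=True),
    SentryHost("sentry-dmz-2.example.test", "R10.7.1", internet_exposed=True),
    SentryHost("sentry-lab.example.test", "10.5.1", internet_exposed=False),
    SentryHost("sentry-old.example.test", "R10.4.3", internet_exposed=True),
]

if __name__ == "__main__":
    for name, priority in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{name}: {priority}")
```

The version comparison is a plain tuple comparison, so `R10.7.0` sorts below the fixed `R10.7.1` and `R10.6.2` is accepted as fixed. Anything outside the three branches the article names comes back as `None`, which the triage deliberately treats as unpatched rather than assuming a newer branch is safe.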
Ivanti has not updated the security advisory it issued on Tuesday. That advisory still states: “We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure.” When asked for further details about the ongoing attacks, an Ivanti spokesperson was not immediately available for comment.
Part of why Ivanti Sentry draws attackers is its role as a gateway into enterprise systems. The flaw doesn’t just threaten a standalone appliance—it can become an entry point into targets’ broader networks, opening the door to theft of sensitive customer and corporate data.
The pattern is familiar across Ivanti’s history. Multiple Ivanti zero-days have been exploited in recent years to breach a wide range of targets, including government agencies worldwide. Two critical Endpoint Manager Mobile (EPMM) vulnerabilities were addressed by Ivanti in January after they were exploited as zero-days against a “very limited number of customers.”
Last month, the Cybersecurity and Infrastructure Security Agency (CISA) ordered U.S. federal agencies to patch Ivanti systems after Ivanti warned customers about a high-severity remote code execution EPMM flaw that was abused in zero-day attacks.
CISA has flagged 34 vulnerabilities across various Ivanti products as actively exploited in the wild, with 12 of them also targeted in ransomware attacks.
Ivanti, meanwhile, operates a network of over 7,000 partners and has over 3,000 employees. Its IT asset management solutions are used by over 40,000 customers worldwide.
Right now, the core question for administrators is simple and urgent: Tuesday’s patch release didn’t slow the exploitation curve, and Shadowserver’s message suggests many Internet-exposed gateways may already be compromised—even where scans find only a small number of instances. If you haven’t patched now, Shadowserver’s warning is blunt: you are most likely compromised.
So they patched it Tuesday but by Wednesday it’s already backdoored? Love to see how fast this stuff spreads.
Wait is this the thing that lets people into company emails from phones? If so then yeah everyone needs to shut it off immediately. Root privileges sounds like it’s game over.
I don’t get why they say “patching” if it’s already compromised. Like if they backdoored it, won’t the patch just ignore the bad part or whatever? Also why did it take them a day to admit exploitation?
19 vulnerable instances in scans… but it’s probably way more because blocklisted? That’s kind of terrifying. Also “Saudi NCA tip” feels like a weird detail lol like does that mean it started over there or what? My IT guy is gonna be mad at me.