Ivanti Standalone Sentry vulnerabilities
4 known vulnerabilities affecting ivanti/standalone_sentry.
Total CVEs
4
CISA KEV
1
actively exploited
Public exploits
2
Exploited in wild
2
Severity breakdown
CRITICAL2HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2026-10520P1CRITICALCVSS 10.0KEVPoCfixed in 10.5.2≥ 10.6.0, < 10.6.2+1 more2026-06-09
CVE-2026-10520 [CRITICAL] CWE-78 CVE-2026-10520: An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versi
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution
nvd
CVE-2023-41724P1HIGHCVSS 8.8Exploitedfixed in 9.19.02024-03-31
CVE-2023-41724 [HIGH] CWE-77 CVE-2023-41724: A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows unauthenticated threat act
A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network.
nvd
CVE-2026-10523P1CRITICALCVSS 9.8PoCfixed in 10.5.2≥ 10.6.0, < 10.6.2+1 more2026-06-09
CVE-2026-10523 [CRITICAL] CWE-288 CVE-2026-10523: An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R1
An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access
nvd
CVE-2024-8540P4MEDIUMCVSS 5.5fixed in 9.20.2v10.0.12024-12-10
CVE-2024-8540 [MEDIUM] CWE-732 CVE-2024-8540: Insecure permissions in Ivanti Sentry before versions 9.20.2 and 10.0.2 or 10.1.0 allow a local auth
Insecure permissions in Ivanti Sentry before versions 9.20.2 and 10.0.2 or 10.1.0 allow a local authenticated attacker to modify sensitive application components.
nvd