// #cvss-10
2 articles
Ivanti Sentry CVE-2026-10520: CVSS 10.0 Pre-Authentication RCE Exploited After PoC Release
Ivanti has disclosed CVE-2026-10520, a CVSS 10.0 pre-authentication remote code execution vulnerability in Ivanti Sentry (formerly MobileIron Sentry) that is being actively exploited following public proof-of-concept release. A companion OS command injection flaw CVE-2026-10523 (CVSS 9.4) affects the same platform. Both require immediate action for all organisations running Ivanti Sentry in their mobile device management infrastructure.
CISA Supplemental Direction ED 26-03: How to Hunt for Compromise in Cisco Catalyst SD-WAN
CISA has issued supplemental hunt-and-hardening guidance for Cisco Catalyst SD-WAN systems under Emergency Directive 26-03, providing defenders with specific indicators to look for in environments exposed to CVE-2026-20127 — a CVSS 10.0 authentication bypass exploited since 2023. Organisations running Cisco SD-WAN infrastructure should treat this guidance as a mandatory compromise assessment checklist.