// #mobileiron
2 articles
Ivanti Sentry CVE-2026-10520: CVSS 10.0 Pre-Authentication RCE Exploited After PoC Release
Ivanti has disclosed CVE-2026-10520, a CVSS 10.0 pre-authentication remote code execution vulnerability in Ivanti Sentry (formerly MobileIron Sentry) that is being actively exploited following public proof-of-concept release. A companion OS command injection flaw CVE-2026-10523 (CVSS 9.4) affects the same platform. Both require immediate action for all organisations running Ivanti Sentry in their mobile device management infrastructure.
Ivanti EPMM CVE-2026-6973 — Remote Code Execution Added to CISA KEV, Patch Required
Ivanti has disclosed CVE-2026-6973, a remote code execution vulnerability in Endpoint Manager Mobile (EPMM, formerly MobileIron) that has been added to the CISA Known Exploited Vulnerabilities catalogue following confirmed limited exploitation. EPMM is a mobile device management platform used by government agencies and enterprises. Organisations should apply the available patch and audit administrator account activity. EPMM has a prior history of critical exploitation including the 2023 Norwegian government attack.