Exploit for Ivanti Sentry handleMessage authentication bypass and command execution CVE-2026-10520 CVE-2026-10523

Name: Exploit for Ivanti Sentry handleMessage authentication bypass and command execution CVE-2026-10520 CVE-2026-10523
Rating: 5 (3 reviews)

2026-06-11 | CVSS 10.0

## https://sploitus.com/exploit?id=SAINT:82C88DC7685611B1AA21D41712B53214
Added: 06/11/2026  


### Background

Ivanti Sentry, formerly MobileIron Sentry, is an in-line gateway that manages, encrypts, and secures traffic between the mobile device and back-end enterprise systems. 

### Problem

An authentication bypass and command execution vulnerability in the `handleMessage` endpoint allows a remote unauthenticated attacker to execute arbitrary commands. 

### Resolution

Upgrade to version 10.5.2, 10.6.2, or 10.7.1 or higher. 

### References

https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2026-10520-CVE-2026-10523