Ivanti: Max severity Sentry flaw allows code execution as root

Ivanti patched two critical Sentry vulnerabilities, including CVE-2026-10520, a maximum-severity OS command injection flaw allowing remote root code execution. The second flaw, CVE-2026-10523, is an authentication bypass enabling unauthenticated attackers to create rogue admin accounts. Ivanti released fixes in versions R10.5.2, R10.6.2, and R10.7.1, with no evidence of exploitation in the wild.