A critical OS command injection vulnerability in a widely deployed mobile gateway access controller has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog following active exploitation in the wild. The flaw lets remote, unauthenticated attackers bypass perimeter controls and run unauthorized commands.
Tracked as CVE-2026-10520, the vulnerability affects Ivanti Sentry appliances running vulnerable software versions. The defect is an input validation failure in administrative parsing routines that allows externally supplied network input to evade command filtering. Following its addition to the KEV catalog by CISA, automated scanning has been documented sweeping for exposed public interfaces in order to plant persistent backdoors.
Compromising a border gateway appliance gives initial access brokers an unmonitored foothold in otherwise protected internal network segments. Attackers who control the gateway can map directory service topology, capture network logs, and stage lateral movement against adjacent enterprise servers.
– Apply the manufacturer's software updates and security patches to all appliances immediately.
– Remove direct public network access to the gateway administration dashboard and restrict it to isolated internal zones.
– Review gateway event logs for unusual parameter structures consistent with command injection.
– Conduct a retroactive security review to confirm that no unauthorized configuration changes were applied during the exposure window.
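The log review in the third item can be started with a triage script like the one below, an added example that is not taken from Ivanti or from the original post. It assumes the appliance's web access log can be exported in an Apache/NGINX "combined"-style layout; the paths, parameter names and log lines are constructed, and hits are leads for manual review rather than proof of compromise.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption: Apache/NGINX "combined"-style access log; adapt to the real layout.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Shell syntax that ordinary parameter values should not contain.
SUSPICIOUS = {
    "command separator": re.compile(r"[;&|]\s*[A-Za-z/.]"),
    "command substitution": re.compile(r"\$\(|`"),
    "newline injection": re.compile(r"[\r\n]"),
    "IFS expansion": re.compile(r"\$\{?IFS"),
}

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding, which can hide metacharacters from simple filters."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_line(line):
    """Return (ip, status, field, reason) for each suspicious field in one log line."""
    m = REQUEST_RE.match(line)
    if not m:
        return []
    parts = urlsplit(m["target"])
    fields = [("path", parts.path)] + parse_qsl(parts.query, keep_blank_values=True)
    hits = []
    for name, raw in fields:
        value = fully_decode(raw)
        hits += [(m["ip"], m["status"], name, reason)
                 for reason, pattern in SUSPICIOUS.items() if pattern.search(value)]
    return hits

def scan_log(lines):
    """Scan every line and collect all hits in log order."""
    return [hit for line in lines for hit in scan_line(line)]

# Constructed sample lines (documentation IPs, hypothetical paths and parameters).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Jan/2026:10:01:02 +0000] "GET /admin/status?page=2&sort=name HTTP/1.1" 200 512',
    '198.51.100.23 - - [12/Jan/2026:10:04:41 +0000] "POST /admin/diag?host=10.0.0.5%3Bid HTTP/1.1" 200 87',
    '198.51.100.23 - - [12/Jan/2026:10:04:43 +0000] "POST /admin/diag?host=%2524%2528id%2529 HTTP/1.1" 500 0',
]

if __name__ == "__main__":
    for ip, status, field, reason in scan_log(SAMPLE_LOG):
        print(f"{ip} status={status} field={field}: {reason}")
```

Legitimate values that contain an encoded `&` or `;` will also be flagged, so tune the patterns against a baseline of known-good traffic before relying on the output.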
Perimeter security depends on prompt version upgrades so that boundary protection devices are not left exposed to unauthenticated remote exploitation. #CodeDefence #Ivanti #Sentry #CommandInjection #CISA #KEV