While the company said at the time that it had no evidence of in-the-wild exploitation, the Shadowserver nonprofit security organization reported the next day that attackers had already backdoored most of the Sentry gateways exposed online.
The Internet security watchdog added that, while its scans detect only a very limited number of exposed Sentry instances, the actual number is likely higher because its search engine is being blocklisted.
"We are observing a large amount of Ivanti Sentry CVE-2026-10520 exploitation attempts based on the public PoC today. We see 19 vulnerable instances in our own scans, with at least 2 backdoored (thanks to Saudi NCA for the tip!). However, all remaining likely compromised too," Shadowserver warned.
"While our detection is on the lowish side due to multiple Ivanti Sentry instances not reachable in our scans (blocklisted?), if you have not patched now you are most likely compromised."
More recently, the Cybersecurity and Infrastructure Security Agency (CISA) ordered U.S. federal agencies last month to patch Ivanti systems on their networks after the company warned customers about a high-severity remote code execution EPMM flaw that was abused in zero-day attacks.
<small>Source: Bleeping Computer</small>