CVE-2026-10520: Ivanti Sentry OS Command Injection — CVSS 10.0

A critical unauthenticated OS command injection (CVE-2026-10520, CVSS 10.0) was disclosed in Ivanti Sentry, allowing remote attackers to execute arbitrary commands as root on affected versions prior to R10.5.2, R10.6.2, and R10.7.1; the advisory demands immediate patching, forensic review for signs of compromise, and temporary network mitigations, and notes Ivanti products have been recurrent targets of nation-state actors.