whatisgithub

What is watchtowr-vs-ivanti-sentry-rce-cve-2026-10520-cve-2026-10523?

watchtowrlabs/watchtowr-vs-ivanti-sentry-rce-cve-2026-10520-cve-2026-10523 — explained in plain English

Analysis updated 2026-05-18

12PythonAudience · ops devopsComplexity · 2/5Setup · easy

In one sentence

A single Python script that tests whether an Ivanti Sentry server is vulnerable to two critical flaws, CVE-2026-10520 and CVE-2026-10523, which let attackers bypass login and run commands on the server without an account. Built by watchTowr Labs for security teams auditing their own systems.

Mindmap

mindmap
  root((repo))
    What it does
      Auth bypass test
      Remote code check
      Output to terminal
    Tech Stack
      Python script
    Vulnerabilities
      CVE-2026-10520
      CVE-2026-10523
      Ivanti Sentry
    Use Cases
      Self audit
      Patch verification
    Remediation
      Official advisory
      Apply patch
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Point the script at your own Ivanti Sentry server to confirm whether it is vulnerable to authentication bypass before attackers find it.

USE CASE 2

Verify that the official Ivanti security patch was applied correctly by checking that the script can no longer run commands on the server.

USE CASE 3

Generate documented evidence of CVE-2026-10520 or CVE-2026-10523 exposure during a security audit by capturing the terminal output.

What is it built with?

Python

How does it compare?

watchtowrlabs/watchtowr-vs-ivanti-sentry-rce-cve-2026-10520-cve-2026-10523aim-uofa/reasonmatcharpecop/kokobook
Stars121212
LanguagePythonPythonPython
Setup difficultyeasyhardhard
Complexity2/55/53/5
Audienceops devopsresearchergeneral

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · easy Time to first run · 5min

Requires a live Ivanti Sentry instance URL to test against.

So what is it?

This repository contains a detection tool released by watchTowr Labs targeting two security vulnerabilities in Ivanti Sentry, a product many organizations use to manage access to corporate email and other services on mobile devices. The vulnerabilities are tracked as CVE-2026-10520 and CVE-2026-10523, and together they allow an attacker to bypass authentication and then run arbitrary commands on the server without needing a valid account. The tool is a single Python script. You point it at a target URL and give it a command to run. If the target system is unpatched, it sends a specially crafted request to a specific API endpoint, the server executes the command, and the output is printed back. The README includes an example showing the server responding with its Linux kernel version, which confirms the command executed successfully on the remote machine. watchTowr frames this as a detection artifact generator, meaning it is intended for security teams to verify whether their own Ivanti Sentry installations are vulnerable before an attacker finds them. The tool does not hide what it is doing: it prints the target, the command, and the result clearly in the terminal. Remediation means applying the patch from the official Ivanti security advisory. The README links directly to that advisory. Anyone running Ivanti Sentry should check whether they have applied the fix, because this tool makes it straightforward for anyone to test an exposed instance.

Copy-paste prompts

Prompt 1
My organization runs Ivanti Sentry at https://sentry.example.com. Walk me through running the watchTowr detection script to check if it is vulnerable to CVE-2026-10520 or CVE-2026-10523.
Prompt 2
Explain in plain terms how CVE-2026-10520 and CVE-2026-10523 work in Ivanti Sentry and why an attacker without any account can still run commands on the server.
Prompt 3
Write a Python wrapper that takes a list of Ivanti Sentry URLs, runs the watchTowr RCE detection script against each one, and saves the results to a CSV file.
Prompt 4
What steps should I take right away if the watchTowr Ivanti Sentry script confirms my server is vulnerable, before I can apply the patch?

Frequently asked questions

What is watchtowr-vs-ivanti-sentry-rce-cve-2026-10520-cve-2026-10523?

A single Python script that tests whether an Ivanti Sentry server is vulnerable to two critical flaws, CVE-2026-10520 and CVE-2026-10523, which let attackers bypass login and run commands on the server without an account. Built by watchTowr Labs for security teams auditing their own systems.

What language is watchtowr-vs-ivanti-sentry-rce-cve-2026-10520-cve-2026-10523 written in?

Mainly Python. The stack also includes Python.

How hard is watchtowr-vs-ivanti-sentry-rce-cve-2026-10520-cve-2026-10523 to set up?

Setup difficulty is rated easy, with roughly 5min to a first successful run.

Who is watchtowr-vs-ivanti-sentry-rce-cve-2026-10520-cve-2026-10523 for?

Mainly ops devops.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.