watchtowrlabs/watchtowr-vs-ivanti-sentry-rce-cve-2026-10520-cve-2026-10523 — explained in plain English
Analysis updated 2026-05-18
Point the script at your own Ivanti Sentry server to confirm whether it is vulnerable to authentication bypass before attackers find it.
Verify that the official Ivanti security patch was applied correctly by checking that the script can no longer run commands on the server.
Generate documented evidence of CVE-2026-10520 or CVE-2026-10523 exposure during a security audit by capturing the terminal output.
| watchtowrlabs/watchtowr-vs-ivanti-sentry-rce-cve-2026-10520-cve-2026-10523 | aim-uofa/reasonmatch | arpecop/kokobook | |
|---|---|---|---|
| Stars | 12 | 12 | 12 |
| Language | Python | Python | Python |
| Setup difficulty | easy | hard | hard |
| Complexity | 2/5 | 5/5 | 3/5 |
| Audience | ops devops | researcher | general |
Figures from each repo's GitHub metadata at analysis time.
Requires a live Ivanti Sentry instance URL to test against.
This repository contains a detection tool released by watchTowr Labs targeting two security vulnerabilities in Ivanti Sentry, a product many organizations use to manage access to corporate email and other services on mobile devices. The vulnerabilities are tracked as CVE-2026-10520 and CVE-2026-10523, and together they allow an attacker to bypass authentication and then run arbitrary commands on the server without needing a valid account. The tool is a single Python script. You point it at a target URL and give it a command to run. If the target system is unpatched, it sends a specially crafted request to a specific API endpoint, the server executes the command, and the output is printed back. The README includes an example showing the server responding with its Linux kernel version, which confirms the command executed successfully on the remote machine. watchTowr frames this as a detection artifact generator, meaning it is intended for security teams to verify whether their own Ivanti Sentry installations are vulnerable before an attacker finds them. The tool does not hide what it is doing: it prints the target, the command, and the result clearly in the terminal. Remediation means applying the patch from the official Ivanti security advisory. The README links directly to that advisory. Anyone running Ivanti Sentry should check whether they have applied the fix, because this tool makes it straightforward for anyone to test an exposed instance.
A single Python script that tests whether an Ivanti Sentry server is vulnerable to two critical flaws, CVE-2026-10520 and CVE-2026-10523, which let attackers bypass login and run commands on the server without an account. Built by watchTowr Labs for security teams auditing their own systems.
Mainly Python. The stack also includes Python.
Setup difficulty is rated easy, with roughly 5min to a first successful run.
Mainly ops devops.
This repo across BitVibe Labs
Verify against the repo before relying on details.