CERT-EU 2026-06-10

2026-008: Critical vulnerabilities in Ivanti Sentry

Machine-generated analysis · WAYSCloud LLM

The advisory states that unauthenticated remote code execution is possible on vulnerable Ivanti Sentry devices.

Context

Ivanti Sentry is a product line used for secure access and identity management. The advisory identifies two critical vulnerabilities that could allow an attacker to execute code remotely without authentication. No additional details about the specific components or attack vectors are provided in the public notice. Worth noting that the vulnerabilities are classified as enabling unauthenticated exploitation.

Operator considerations

Check: inventory Ivanti Sentry devices to determine exposure
Patch: apply updates provided by Ivanti as referenced in their advisory[1]

From Computer Emergency Response Team for the EU institutions ↗

On 9 June 2026, Ivanti released a security advisory addressing two critical vulnerabilities in their Sentry products[1]. An attacker could exploit those flaws to achieve unauthenticated remote code execution on the vulnerable device.

Read the full advisory on CERT-EU →