Ivanti Releases Patches for Two Critical Vulnerabilities in Sentry Mobile Gateway
Ivanti disclosed two critical vulnerabilities in its Sentry mobile gateway product, including a maximum-severity flaw (CVE-2026-10520) allowing unauthenticated remote code execution with root privileges and a 9.9-rated authentication bypass (CVE-2026-10523) enabling unauthorized admin account creation. The vulnerabilities affect versions 10.0 and 9.9, with patches available in versions 10.5.2, 10.6.2, and 10.7.1. This marks the second major vulnerability disclosure from Ivanti in recent months, following critical flaws in its Endpoint Manager Mobile product that were exploited as zero-days in January.
Ivanti has issued an urgent security advisory for two critical vulnerabilities affecting its Sentry unified endpoint management product. The first vulnerability, CVE-2026-10520, carries a perfect 10.0 CVSS score and allows remote, unauthenticated attackers to execute arbitrary code with root privileges by sending specially crafted messages to an exposed Apache Tomcat API that parses them as MICS configuration commands. The second flaw, CVE-2026-10523, rates 9.9 CVSS and permits unauthenticated attackers to create administrator accounts and gain full system privileges. While Ivanti reports no confirmed wild exploitation of CVE-2026-10520 to date, security researchers at watchTowr have already published technical breakdowns of the vulnerability, potentially accelerating exploitation timelines. The company has patched both issues and recommends immediate upgrades to versions 10.5.2, 10.6.2, or 10.7.1. This disclosure follows Ivanti's January disclosure of two separate 9.8-rated critical vulnerabilities in its Endpoint Manager Mobile product that were actively exploited as zero-days, including an attack on the Dutch data protection authority.
What different sources said
- The RegisterCenter
Ivanti tells Sentry customers to patch now as critical bugs hit 10.0 and 9.9
Related
Potensic Atom 3 Drone Offers DJI Alternative for Global Markets, But Faces US Import Ban
Potensic has released the Atom 3, an upgraded beginner drone featuring a larger sensor, 4K 60fps video, improved battery life, and AI tracking capabilities at competitive pricing ($429.99-$549.99). The drone competes directly with DJI's Lito X1 but faces the same regulatory barriers as DJI in the US market due to a ban on foreign-made drones. The availability restrictions highlight ongoing US trade restrictions on Chinese drone manufacturers and limit consumer choice in the American market.
Wing and Walmart Expand Drone Delivery to Seven Additional U.S. Cities
Alphabet-owned Wing and Walmart are expanding their drone delivery partnership to seven new U.S. cities including Memphis, New Orleans, Philadelphia, Phoenix, San Diego, the San Francisco Bay Area, and Salt Lake City. The expansion is part of a plan to reach over 270 Walmart locations by next year, building on successful deployments in Atlanta, Dallas-Fort Worth, and Houston. The move signals that drone delivery is transitioning from a novelty service to a mainstream logistics option, with Wing having completed over 1 million commercial deliveries.
Anthropic CEO Calls for FAA-Style Regulation of Powerful AI Models
Anthropic CEO Dario Amodei published an essay calling for government regulation of powerful AI models, comparing the approach to FAA oversight of commercial aviation. The proposal includes mandatory third-party testing for frontier models and potential government authority to block or delay their deployment if they pose safety risks. The call comes as Anthropic released Claude Fable 5 and an updated Claude Mythos 5 model with advanced cybersecurity capabilities.