watchtowrlabs/watchtowr-vs-ivanti-sentry-rce-cve-2026-10523 — explained in plain English
Analysis updated 2026-07-17
Verify whether your own Ivanti Sentry installation is vulnerable to CVE-2026-10520 and CVE-2026-10523
Confirm remote command execution before an attacker finds the exposed instance
Demonstrate the authentication bypass and RCE chain in a security report
Check exposure before applying the official Ivanti patch
| watchtowrlabs/watchtowr-vs-ivanti-sentry-rce-cve-2026-10523 | aim-uofa/reasonmatch | airbone42/360-data-athlete | |
|---|---|---|---|
| Stars | 12 | 12 | 12 |
| Language | Python | Python | Python |
| Setup difficulty | easy | hard | hard |
| Complexity | 2/5 | 5/5 | 4/5 |
| Audience | ops devops | researcher | general |
Figures from each repo's GitHub metadata at analysis time.
Intended only for testing systems you own or are authorized to assess.
This repository contains a detection tool released by watchTowr Labs targeting two security vulnerabilities in Ivanti Sentry, a product many organizations use to manage access to corporate email and other services on mobile devices. The vulnerabilities are tracked as CVE-2026-10520 and CVE-2026-10523, and together they allow an attacker to bypass authentication and then run arbitrary commands on the server without needing a valid account. The tool is a single Python script. You point it at a target URL and give it a command to run. If the target system is unpatched, it sends a specially crafted request to a specific API endpoint, the server executes the command, and the output is printed back. The README includes an example showing the server responding with its Linux kernel version, which confirms the command executed successfully on the remote machine. watchTowr frames this as a detection artifact generator, meaning it is intended for security teams to verify whether their own Ivanti Sentry installations are vulnerable before an attacker finds them. The tool does not hide what it is doing: it prints the target, the command, and the result clearly in the terminal. Remediation means applying the patch from the official Ivanti security advisory. The README links directly to that advisory. Anyone running Ivanti Sentry should check whether they have applied the fix, because this tool makes it straightforward for anyone to test an exposed instance.
A security tool that tests whether an Ivanti Sentry server is vulnerable to two chained CVEs allowing unauthenticated remote command execution.
Mainly Python. The stack also includes Python.
No license information was found in the explanation.
Setup difficulty is rated easy, with roughly 5min to a first successful run.
Mainly ops devops.
This repo across BitVibe Labs
double-check against the repo, no cap.