https://cybercrime.club/tags/gateway/Infrastructure security news for people who build infrastructure.Hugo -- gohugo.ioen-usTue, 16 Jun 2026 11:09:25 -0400https://cybercrime.club/posts/ivanti-sentry-cve-2026-10520-handlemessage-unauth-root-rce/Tue, 16 Jun 2026 11:09:25 -0400https://cybercrime.club/posts/ivanti-sentry-cve-2026-10520-handlemessage-unauth-root-rce/A CVSS 10.0 OS command injection in Ivanti Sentry's unauthenticated /mics/api/v2/sentry/mics-config/handleMessage endpoint yields remote code execution as root. watchTowr published a PoC on June 10, CISA added it to KEV on June 11 with a June 14 deadline, and exploitation has followed.vulnerabilities