explaingit

watchtowrlabs/watchtowr-vs-ivanti-sentry-rce-cve-2026-10523

Analysis updated 2026-07-17

12PythonAudience · ops devopsComplexity · 2/5Setup · easy

TLDR

A security tool that tests whether an Ivanti Sentry server is vulnerable to two chained CVEs allowing unauthenticated remote command execution.

Mindmap

mindmap
  root((repo))
    What it does
      Tests Ivanti Sentry servers
      Exploits chained CVEs
      Runs remote commands
    Tech stack
      Python
      Single script
    Use cases
      Security team self-checks
      Vulnerability verification
      Pre-patch exposure testing
    Audience
      Security researchers
      Ops and devops teams

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Verify whether your own Ivanti Sentry installation is vulnerable to CVE-2026-10520 and CVE-2026-10523

USE CASE 2

Confirm remote command execution before an attacker finds the exposed instance

USE CASE 3

Demonstrate the authentication bypass and RCE chain in a security report

USE CASE 4

Check exposure before applying the official Ivanti patch

What is it built with?

Python

How does it compare?

watchtowrlabs/watchtowr-vs-ivanti-sentry-rce-cve-2026-10523aim-uofa/reasonmatchairbone42/360-data-athlete
Stars121212
LanguagePythonPythonPython
Setup difficultyeasyhardhard
Complexity2/55/54/5
Audienceops devopsresearchergeneral

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · easy Time to first run · 5min

Intended only for testing systems you own or are authorized to assess.

No license information was found in the explanation.

In plain English

This repository contains a detection tool released by watchTowr Labs targeting two security vulnerabilities in Ivanti Sentry, a product many organizations use to manage access to corporate email and other services on mobile devices. The vulnerabilities are tracked as CVE-2026-10520 and CVE-2026-10523, and together they allow an attacker to bypass authentication and then run arbitrary commands on the server without needing a valid account. The tool is a single Python script. You point it at a target URL and give it a command to run. If the target system is unpatched, it sends a specially crafted request to a specific API endpoint, the server executes the command, and the output is printed back. The README includes an example showing the server responding with its Linux kernel version, which confirms the command executed successfully on the remote machine. watchTowr frames this as a detection artifact generator, meaning it is intended for security teams to verify whether their own Ivanti Sentry installations are vulnerable before an attacker finds them. The tool does not hide what it is doing: it prints the target, the command, and the result clearly in the terminal. Remediation means applying the patch from the official Ivanti security advisory. The README links directly to that advisory. Anyone running Ivanti Sentry should check whether they have applied the fix, because this tool makes it straightforward for anyone to test an exposed instance.

Copy-paste prompts

Prompt 1
Explain how CVE-2026-10520 and CVE-2026-10523 are chained to achieve remote code execution on Ivanti Sentry
Prompt 2
Show me how to run this Python script against a test Ivanti Sentry instance to check for the vulnerability
Prompt 3
Help me understand the API endpoint this tool targets and why it bypasses authentication
Prompt 4
Summarize the remediation steps from the official Ivanti security advisory linked in this README

Frequently asked questions

What is watchtowr-vs-ivanti-sentry-rce-cve-2026-10523?

A security tool that tests whether an Ivanti Sentry server is vulnerable to two chained CVEs allowing unauthenticated remote command execution.

What language is watchtowr-vs-ivanti-sentry-rce-cve-2026-10523 written in?

Mainly Python. The stack also includes Python.

What license does watchtowr-vs-ivanti-sentry-rce-cve-2026-10523 use?

No license information was found in the explanation.

How hard is watchtowr-vs-ivanti-sentry-rce-cve-2026-10523 to set up?

Setup difficulty is rated easy, with roughly 5min to a first successful run.

Who is watchtowr-vs-ivanti-sentry-rce-cve-2026-10523 for?

Mainly ops devops.

Open on GitHub → Explain another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.