Two critical vulnerabilities in Ivanti Standalone Sentry were exploited within 24 hours of public disclosure, with indicators suggesting threat actors conducted reconnaissance before the patch was available. CVE-2026-10520 chains missing authentication, improper authentication, and hard-coded credentials to deliver unauthenticated root RCE against internet-exposed Sentry appliances. Organizations running Sentry as a mobile access gateway face immediate risk of full appliance compromise and lateral movement into internal networks.