Ivanti Sentry has two critical vulnerabilities patched in a single advisory, including CVE-2026-10520 which enables unauthenticated root-level remote code execution on the gateway appliance. Ivanti Sentry sits between mobile devices and backend corporate systems, meaning a compromised instance provides an attacker direct access to enterprise mobile infrastructure and the backend environments it bridges. Patches are available; apply immediately given the product’s privileged network position.