Last updated: July 5, 2026 at 9:01 AM UTC
Tag: sentry (3 articles)

Agentjacking hijacks AI coding agents via fake Sentry error reports

Researchers at Tenet Security have disclosed Agentjacking, a new attack that turns AI coding assistants like Claude Code, Cursor, and Codex into tools for running an attacker's code on a developer's machine. The trick abuses Sentry, a widely used error-tracking service: anyone can submit a fake error event using a project's DSN, a public write-only key embedded in website code, and the AI agent, fetching that event through Sentry's MCP integration, cannot tell the malicious instructions from real diagnostics and runs them with the developer's privileges. No phishing, malware, or server breach is needed, and it bypasses traditional controls because every step is technically authorized. Tenet found 2,388 exposed organizations.

Check
Inventory developers using AI coding agents connected to Sentry or other MCP integrations that surface external data, and check whether your Sentry DSNs are exposed in frontend code or repositories.
Affected
Development teams using MCP-connected AI coding agents (Claude Code, Cursor, Codex) alongside Sentry; any project whose public DSN lets attackers inject error events that the agent treats as trusted instructions.
Fix
Run AI coding agents with least privilege in sandboxes, require human approval before they execute commands, treat all MCP tool output as untrusted, and limit which integrations feed agents external data.

Critical Ivanti Sentry flaw now exploited within a day of disclosure

The critical Ivanti Sentry flaw covered yesterday is now under active attack, with researchers reporting compromised gateways within about 24 hours of the patch and public patch analysis. CVE-2026-10520, rated a perfect 10, is an OS command injection in an internal configuration API that accepts commands from anyone who can reach it over the internet, granting remote code execution as root with no login. A second flaw, CVE-2026-10523, lets attackers create their own admin accounts. With exploitation confirmed and detection tooling public, the time to patch has effectively run out for internet-exposed appliances. Ivanti released fixes earlier this week.

Check
Treat any unpatched, internet-facing Ivanti Sentry as potentially compromised: review appliances for rogue administrator accounts, unexpected root commands, and connections from unfamiliar IPs before and after patching.
Affected
Internet-exposed Ivanti Sentry (formerly MobileIron Sentry) 10.5.1, 10.6.1, 10.7.0 and earlier, now actively exploited via CVE-2026-10520 (root RCE) and CVE-2026-10523 (admin auth bypass).
Fix
Patch to R10.5.2, R10.6.2, or R10.7.1 immediately if not already done, then perform incident response: rebuild compromised appliances, remove rogue accounts, and rotate connected credentials and secrets.

Critical Ivanti Sentry flaw gives unauthenticated attackers root

Ivanti has patched two critical flaws in Sentry, its mobile gateway appliance (formerly MobileIron Sentry) that sits in line between mobile devices and back-end systems like Exchange. The worst, CVE-2026-10520, rated a perfect 10, is an OS command injection in an internal configuration API that mistakenly accepts commands from anyone who can reach it over the internet, with no login, granting remote code execution as root. The second, CVE-2026-10523 (9.9), is an authentication bypass that lets attackers create their own admin accounts. No exploitation has been seen yet, but watchTowr has already published a patch analysis and a detection script, so the window is closing fast.

Check
Identify Ivanti Sentry appliances and their version, restrict who can reach the management and configuration endpoints, and run watchTowr's detection script to confirm whether instances are vulnerable.
Affected
Ivanti Sentry (formerly MobileIron Sentry) versions 10.5.1, 10.6.1, 10.7.0 and earlier, exposed to untrusted networks (CVE-2026-10520 root RCE; CVE-2026-10523 admin-account auth bypass).
Fix
Upgrade Ivanti Sentry to R10.5.2, R10.6.2, or R10.7.1 immediately, then review appliances for rogue administrator accounts and any signs of command execution before patching.