This week’s release introduces new managed protection to address a critical pre-authentication OS command injection vulnerability in Ivanti Sentry (CVE-2026-10520).
Key Findings
- CVE-2026-10520: An OS command injection vulnerability in Ivanti Sentry allows remote, unauthenticated attackers to execute arbitrary system commands with root privileges. The flaw stems from improper sanitization of input strings parsed during internal configuration handling.
| Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments |
|---|---|---|---|---|---|---|
| Cloudflare Managed Ruleset | 500a90789f874345b60b0de7242fdf83 | N/A | Ivanti Sentry – Command Injection – CVE:CVE-2026-10520 | Log | Block | This is a new detection. |
Source: Cloudflare
Latest Posts
- AWS HealthOmics now supports ephemeral storage for private workflows
- Amazon Bedrock AgentCore Memory now supports cross-account access
- Automated Reasoning checks in Amazon Bedrock Guardrails add new policy refinement workflows
- (Updated) Action required: Update Teams Rooms app to maintain PowerPoint Live functionality [MC1332812]
![(Updated) Microsoft Teams: Digital signage support for Teams panels [MC1311979]](https://mwpro.co.uk/wp-content/uploads/2024/08/pexels-pixabay-301599-150x150.webp "(Updated) Microsoft Teams: Digital signage support for Teams panels [MC1311979] 7")