CVE-2026-10523 | THREATINT

Description

An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access

PUBLISHED Reserved 2026-06-01 | Published 2026-06-09 | Updated 2026-06-10 | Assigner ivanti

CRITICAL: 9.9CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-288 Authentication bypass using an alternate path or channel

Product status

Default status

affected

R10.5.2

unaffected

R10.6.2

unaffected

R10.7.1

unaffected

References

hub.ivanti.com/...E-2026-10520-CVE-2026-10523?language=en_US

cve.org (CVE-2026-10523)

nvd.nist.gov (CVE-2026-10523)

Download JSON