Critical vulnerabilities in Ivanti Sentry
History:
- 10/06/2026 — v1.0 — Initial publication
Summary
On 9 June 2026, Ivanti released a security advisory addressing two critical vulnerabilities in its Sentry products[1]. An attacker could exploit these flaws to achieve unauthenticated remote code execution on a vulnerable device.
Technical Details
The vulnerability CVE-2026-10520, with a CVSS score of 10, is an OS Command Injection vulnerability in Ivanti Sentry which allows a remote unauthenticated user to achieve root-level remote code execution[2].
The vulnerability CVE-2026-10523, with a CVSS score of 9.9, is an Authentication Bypass vulnerability in Ivanti Sentry which allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access.
Affected Products
The following versions of Ivanti Sentry are affected:
- 10.5.1 and prior.
- 10.6.1 and prior.
- 10.7.0 and prior.
CERT-EU recommends following the vendor’s guidance and updating affected appliances to one of the fixed versions[1].
References
[1] https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2026-10520-CVE-2026-10523