CVE-2026-10523

Summary

An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access

Affected Software

VendorProductVersion RangeStatus
ivantiSentryR10.5.2unaffected
ivantiSentryR10.6.2unaffected
ivantiSentryR10.7.1unaffected

Weaknesses

  • CWE-288: CWE-288 Authentication bypass using an alternate path or channel

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References