CVE-2026-10523
CriticalCVSS 9.9Exploitation Probability (EPSS)
Very high risk99th percentile — higher than 99% of all known CVEs
Summary
CVE-2026-10523 in Ivanti Sentry before versions R10.5.2, R10.6.2, and R10.7.1 contains an authentication bypass vulnerability that allows a remote unauthenticated attacker to create arbitrary administrative accounts and gain full administrative access.
Risk Assessment
Organizations may be exposed to unauthorized access to systems, potentially leading to serious security breaches and data loss.
Recommendation
It is recommended to update Ivanti Sentry to the latest versions to mitigate this vulnerability and implement additional security measures to monitor unauthorized activities.
Original NVD description (English source)
An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access

