【Vulnerability Alert】Ivanti Sentry Contains 2 Major Security Vulnerabilities
Subject: 【Vulnerability Alert】Ivanti Sentry Contains 2 Major Security Vulnerabilities
Description:
Forwarded from Taiwan Computer Emergency Response Team / Coordination Center Security Advisory TWCERTCC-200-202606-00000006
Recently, Ivanti issued a critical security advisory for Sentry.
【CVE-2026-10520, CVSS: 10.0】 This vulnerability is an OS command injection vulnerability, allowing unauthenticated remote users to execute remote code with root privileges.
【CVE-2026-10523, CVSS: 9.9】 This vulnerability is an authentication bypass vulnerability, allowing unauthenticated remote attackers to create arbitrary administrator accounts and gain full administrative privileges.
Affected Platforms:
Ivanti Sentry versions 10.5.1 and earlier
Ivanti Sentry versions 10.6.1 and earlier
Ivanti Sentry versions 10.7.0 and earlier
Recommended Actions:
Please update to the following versions: Ivanti Sentry versions 10.5.2 and later, Ivanti Sentry versions 10.6.2 and later, Ivanti Sentry versions 10.7.1 and later