【Vulnerability Alert】Ivanti Sentry Contains 2 Major Security Vulnerabilities

• Subject: 【Vulnerability Alert】Ivanti Sentry Contains 2 Major Security Vulnerabilities

• Description:
  • Forwarded from Taiwan Computer Emergency Response Team / Coordination Center Security Advisory TWCERTCC-200-202606-00000006
  • Recently, Ivanti issued a critical security advisory for Sentry.
  • 【CVE-2026-10520, CVSS: 10.0】 This vulnerability is an OS command injection vulnerability, allowing unauthenticated remote users to execute remote code with root privileges.
  • 【CVE-2026-10523, CVSS: 9.9】 This vulnerability is an authentication bypass vulnerability, allowing unauthenticated remote attackers to create arbitrary administrator accounts and gain full administrative privileges.
• Affected Platforms:
  • Ivanti Sentry versions 10.5.1 and earlier
  • Ivanti Sentry versions 10.6.1 and earlier
  • Ivanti Sentry versions 10.7.0 and earlier
• Recommended Actions:
  • Please update to the following versions: Ivanti Sentry versions 10.5.2 and later, Ivanti Sentry versions 10.6.2 and later, Ivanti Sentry versions 10.7.1 and later
• References:
  1. https://www.twcert.org.tw/tw/cp-169-10959-cac23-1.html

Computer and Communication Center
Network Systems Division