Vulnerability Details CVE-2026-10523
An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access
Exploit prediction scoring system (EPSS) score
EPSS Score 0.472
EPSS Ranking 98.7%
CVSS Severity
CVSS v3 Score 9.9
Products affected by CVE-2026-10523
-
cpe:2.3:a:ivanti:standalone_sentry:-
-
cpe:2.3:a:ivanti:standalone_sentry:10.0.0
-
cpe:2.3:a:ivanti:standalone_sentry:10.0.1
-
cpe:2.3:a:ivanti:standalone_sentry:10.0.2
-
cpe:2.3:a:ivanti:standalone_sentry:10.1.0
-
cpe:2.3:a:ivanti:standalone_sentry:10.2.0
-
cpe:2.3:a:ivanti:standalone_sentry:10.2.1
-
cpe:2.3:a:ivanti:standalone_sentry:10.3.0
-
cpe:2.3:a:ivanti:standalone_sentry:10.3.1
-
cpe:2.3:a:ivanti:standalone_sentry:10.4.0
-
cpe:2.3:a:ivanti:standalone_sentry:10.4.1
-
cpe:2.3:a:ivanti:standalone_sentry:10.4.2
-
cpe:2.3:a:ivanti:standalone_sentry:10.5.0
-
cpe:2.3:a:ivanti:standalone_sentry:10.5.1
-
cpe:2.3:a:ivanti:standalone_sentry:10.6.0
-
cpe:2.3:a:ivanti:standalone_sentry:10.6.1
-
cpe:2.3:a:ivanti:standalone_sentry:10.7.0
-
cpe:2.3:a:ivanti:standalone_sentry:9.14.0
-
cpe:2.3:a:ivanti:standalone_sentry:9.15.0
-
cpe:2.3:a:ivanti:standalone_sentry:9.16.0
-
cpe:2.3:a:ivanti:standalone_sentry:9.17.0
-
cpe:2.3:a:ivanti:standalone_sentry:9.18.0
-
cpe:2.3:a:ivanti:standalone_sentry:9.19.0
-
cpe:2.3:a:ivanti:standalone_sentry:9.19.2
-
cpe:2.3:a:ivanti:standalone_sentry:9.20.0
-
cpe:2.3:a:ivanti:standalone_sentry:9.20.1
-
cpe:2.3:a:ivanti:standalone_sentry:9.20.2