CVE-2026-10523_CVE-2026-10523

9.9 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Description

An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access

AI Analysis

Authentication Bypass vulnerability in Ivanti Sentry allowing remote unauthenticated attackers to create administrative accounts

Basic Information

ID CVE-2026-10523

Source ivanti

Published Jun 9, 2026 at 14:16

Modified Jun 9, 2026 at 15:39

Affected Product

Vendor ivanti

Product Sentry

Version R10.5.2

CWE Classification

CWE-288

AI Assessment

AI Score 9.9 / 10

AI Severity Critical

Vendor Ivanti

Product Sentry

Version R10.5.2, R10.6.2, R10.7.1

References

hub.ivanti.com /s/article/Security-Advisory-Ivanti-Sentry-CVE-2026-10520-CVE-2026-10523

{
    "lastseen": "",
    "description": "An Authentication Bypass vulnerability (CWE-288)\u00a0in Ivanti\u00a0Sentry before the\u00a0R10.5.2, R10.6.2 and R10.7.1\u00a0versions\u00a0allows\u00a0a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access",
    "published": "2026-06-09T14:16:41.255Z",
    "modified": "2026-06-09T15:39:25.402Z",
    "type": "cve",
    "title": "CVE-2026-10523",
    "source": "ivanti",
    "references": "https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2026-10520-CVE-2026-10523?language=en_US",
    "id": "CVE-2026-10523",
    "bulletinFamily": "",
    "cwe": [
        "CWE-288"
    ],
    "cvelist": null,
    "sourceData": "",
    "sourceHref": "",
    "cvss": {
        "score": 9.9,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Sentry",
    "version": "R10.5.2",
    "vendor": "ivanti",
    "ai_description": "Authentication Bypass vulnerability in Ivanti Sentry allowing remote unauthenticated attackers to create administrative accounts",
    "ai_severity": "Critical",
    "ai_vendor": "Ivanti",
    "ai_product": "Sentry",
    "ai_version": "R10.5.2, R10.6.2, R10.7.1",
    "ai_score": 9.9
}