Vulnerability Report

CVE-2026-10523

Title: Ivanti Sentry Authentication Bypass

Authentication Bypass

Proof Of Concept

PoC Available for CVE-2026-10523

CWE Category CWE-288

Published Date Jun 09, 2026

Modified Date Jun 09, 2026

Exploit Status Available

Score 9.9 CVSS v3.1

Exploit Probability (EPSS)

4.81%

Vulnerability Summary

CVE-2026-10523: An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access

Impacted Vendors

Analysis in Progress...

Reference Links

https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2026-10520-CVE-2026-10523?language=en_US

CVSS v3.1

Source Entity 3c1d8aa1-5a33-4ea4-8992-aadd6440af75

Severity CRITICAL

9.9

Attack Vector

NETWORK

Complexity

LOW

Privileges

N/A

Interaction

NONE

Confidentiality

N/A

Integrity

N/A

Availability

N/A

Scope

CHANGED

RAW VECTOR CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2026-10523 Exploits & PoCs (Proof Of Concept)

GitHub https://github.com/watchtowrlabs/watchTowr-vs-Ivanti-Sentry-RCE-CVE-2026-10520-CVE-2026-10523

View Code

GitHub https://github.com/HORKimhab/CVE-2026-10520-10523

View Code

June 09, 2026 MODIFIED

Vulnerability data updated via NVD.

June 09, 2026 MODIFIED

Vulnerability data updated via NVD.

Attack Vector Matrix

Access Vector NETWORK

Complexity LOW

Privileges N/A

Interaction NONE

CVSS Vector String


                                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Stack

No specific products linked.