Vulnerability intelligence
CVE-2026-10523
An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access
CVSS Score
9.9
Critical
EPSS — Exploit Probability
0.3%
Riskier than 54% of all CVEs
Exploitation
Not in CISA KEV
No federal exploitation record
Remediation
unknown
Check vendor advisories
2 articles across 2 outlets · first covered Jun 10, 2026 · latest Jun 10, 2026
Tracked incidents
Coverage timeline
-
CVE-2026-10520, CVE-2026-10523 - Multiple critical vulnerabilities affecting Ivanti Sentrywww.rapid7.com · Jun 10, 2026
-
Ivanti patches CVE-2026-10520 gateway flaw after urgent alertsecurityonline.info · Jun 10, 2026