Auth Bypass in Ivanti Sentry <10.5.2/10.6.2/10.7.1 Enables Remote Admin Creation: CVE-2026-10523 June 2026

Auth Bypass in Ivanti Sentry <10.5.2/10.6.2/10.7.1 Enables Remote Admin Creation
CVE-2026-10523 Published on June 9, 2026

An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access

Vulnerability Analysis

CVE-2026-10523 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

CHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

Authentication Bypass Using an Alternate Path or Channel

A product requires authentication, but the product has an alternate path or channel that does not require authentication.

Affected Versions

Version R10.5.2 is unaffected.

Version R10.6.2 is unaffected.

Version R10.7.1 is unaffected.

Auth Bypass in Ivanti Sentry <10.5.2/10.6.2/10.7.1 Enables Remote Admin CreationCVE-2026-10523 Published on June 9, 2026

Vulnerability Analysis

Weakness Type

Authentication Bypass Using an Alternate Path or Channel

Affected Versions

Auth Bypass in Ivanti Sentry <10.5.2/10.6.2/10.7.1 Enables Remote Admin Creation
CVE-2026-10523 Published on June 9, 2026