VDB

CVE-2026-10523

CVE-2026-10523 PUBLISHED CVSS 9.899999618530273 CRITICAL

CVE-2026-10520 is an OS command injection vulnerability with a maximum CVSS score of 10.0 that can be exploited remotely without authentication to execute arbitrary code with root privileges. CVE-2026-10523 is an authentication bypass vulnerability (CVSS:3.1 9.9) that allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access. The flaw enables attackers to circumvent normal authentication mechanisms, fundamentally undermining the security model of the system.

Risk Scores

CVSS 3.1
9.899999618530273
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersions
IvantiIvanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions

Timeline

  • Jun 9, 2026 CVE Published
  • Jun 11, 2026 Coalition ESS Score
  • Jun 11, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›