VDB

GCVE-110-NCSC-2026-180

GCVE-110-NCSC-2026-180
Advisory PublishedCVSS 9.9/10
Vulnetix · Advisory published June 9, 2026
An Authentication Bypass vulnerability in Ivanti Sentry versions prior to R10.5.2, R10.6.2, and R10.7.1 enables remote unauthenticated attackers to create arbitrary administrative accounts and gain full administrative privileges.

Weaknesses (CWE)

CWE-288Authentication Bypass Using an Alternate Path or ChannelCWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Risk Scores

CVSS 3.1
9.9/10
Critical · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
Ivantivers:unknown/*

References

advisory
advisory
advisory
advisory

Browse GCVE Records

73,685 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›