VDB
GCVE-110-NCSC-2026-180
GCVE-110-NCSC-2026-180
Advisory PublishedCVSS 9.9/10
An Authentication Bypass vulnerability in Ivanti Sentry versions prior to R10.5.2, R10.6.2, and R10.7.1 enables remote unauthenticated attackers to create arbitrary administrative accounts and gain full administrative privileges.
Weaknesses (CWE)
CWE-288Authentication Bypass Using an Alternate Path or ChannelCWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Risk Scores
CVSS 3.1
9.9/10
Critical · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Ivanti | vers:unknown/* | — | — |
Aliases
Browse GCVE Records
73,685 records in the GCVE database · Updated July 18, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.