{"uuid": "536dbd2e-9793-4c4b-bc54-a21fd7e60e65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "name": "Security Advisory Ivanti Sentry (CVE-2026-10520, CVE-2026-10523)", "description": "| CVE Number     | Description                                                                                                                                                                                                                                   | CVSS Score (Severity) | CVSS Vector                                  | CWE     |\n| -------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- | -------------------------------------------- | ------- |\n| CVE-2026-10520 | An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution                                                      | 10 (Critical)         | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | CWE-78  |\n| CVE-2026-10523 | An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access | 9.9(Critical)         | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | CWE-288 |\n\nRef: https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2026-10520-CVE-2026-10523?language=en_US", "creation_timestamp": "2026-06-10T04:44:07.375527+00:00", "timestamp": "2026-06-10T04:44:07.375527+00:00", "related_vulnerabilities": ["CVE-2026-10520", "CVE-2026-10523"], "author": {"login": "adulau", "name": "Alexandre Dulaunoy", "uuid": "c933734a-9be8-4142-889e-26e95c752803"}}