Free practical cybersecurity guidance for organisations without a security team.
hello@actionsoncyber.com
← Back to Vulnerability Briefs

Critical Security Flaw in Ivanti Sentry Could Let Attackers Take Over Your System

A serious security weakness has been found in Ivanti Sentry software that could allow attackers to bypass login controls and create admin accounts without permission. This means someone could gain full control over the system remotely, which is a critical risk for any organisation using this software.

13 June 2026

Reference: CVE-2026-10523

1. What is being reported?

The vulnerability allows a remote attacker to bypass authentication in Ivanti Sentry versions before R10.5.2, R10.6.2, and R10.7.1. This means they can create new administrative accounts without needing to log in properly, giving them full access to the system.

2. What this means in plain English

If your organisation uses Ivanti Sentry and has not updated to the fixed versions, an attacker could take over your system completely. This could lead to data theft, disruption of services, or other serious problems. It is a critical risk that needs urgent attention.

3. Could this affect a small business?

Small businesses or charities using Ivanti Sentry software on the affected versions could be at risk. If you do not use this software, or have already updated to the fixed versions, you are likely not affected.

4. What to do now

  • Check if your organisation uses Ivanti Sentry software and identify the version installed.
  • If you use Ivanti Sentry, contact your IT provider or software supplier immediately to confirm whether you have the vulnerable version.
  • Apply the latest Ivanti Sentry updates or patches (R10.5.2, R10.6.2, or R10.7.1 or later) as soon as possible.
  • Monitor your systems for any unusual activity and review user accounts for unexpected administrative access.

5. Ask your IT provider

Can you confirm if our Ivanti Sentry software is updated to a version that fixes the CVE-2026-10523 authentication bypass vulnerability?

6. Bottom line

If you use Ivanti Sentry, update it immediately to prevent attackers from gaining full control of your system.

Information based on NVD, CISA KEV, and reputable security reporting.

Back to Vulnerability Briefs