[Security Vulnerability Alert] Ivanti's Sentry has two major cybersecurity vulnerabilities.

[Security Vulnerability Alert] Ivanti's Sentry has two major cybersecurity vulnerabilities.

2026/6/15 ～ 2026/12/15

View Count：34

Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202606-00000006

[Content Description]
Ivanti recently released a major cybersecurity vulnerability announcement regarding its Sentry product.

【CVE-2026-10520, CVSS: 10.0】 This vulnerability is an operating system command injection vulnerability, allowing unauthenticated remote users to execute remote code with root privileges.

【CVE-2026-10523, CVSS: 9.9】 This vulnerability is an authentication bypass vulnerability, allowing unauthenticated remote attackers to create arbitrary administrator accounts and gain full administrator privileges.

[Affected Platforms]
Ivanti Sentry versions 10.5.1 and earlier
Ivanti Sentry versions 10.6.1 and earlier
Ivanti Sentry versions 10.7.0 and earlier

[Recommended Actions]
Please update to the following versions:
Ivanti Sentry version 10.5.2 and later,
Ivanti Sentry version 10.6.2 and later,
Ivanti Sentry version 10.7.1 and later

[References]
1. https://www.twcert.org.tw/tw/cp-169-10959-cac23-1.html

[Security Vulnerability Alert] Ivanti's Sentry has two major cybersecurity vulnerabilities.

2026/6/15 ～ 2026/12/15

View Count：34

Files

參考資料

【Back】

[Security Vulnerability Alert] Ivanti's Sentry has two major cybersecurity vulnerabilities.

2026/6/15 ～ 2026/12/15

View Count：34

Files

system_update_alt參考資料

【Back】

參考資料