Ethical Hacking News
Ivanti has issued urgent patch advisories for Sentry customers due to two critical vulnerabilities affecting its mobile gateway solution. The patches address CVE-2026-10520 (CVSS 10.0) and CVE-2026-10523 (CVSS 9.9), both high-severity bugs whose risk can be mitigated through timely patching.
Ivanti has released patch advisories for its Sentry customers highlighting two severe vulnerabilities in its mobile gateway solution. The first vulnerability, CVE-2026-10520, is a maximum-severity bug that allows remote attackers to execute code with root privileges. The second vulnerability, CVE-2026-10523, allows remote attackers to create admin accounts, granting themselves top privileges on an affected system. Ivanti advises customers to upgrade to versions 10.5.2, 10.6.2, or 10.7.1 to address the security flaws. The situation highlights the need for proactive vulnerability management and timely patching in today's evolving threat landscape.
Ivanti, a prominent player in the unified endpoint management platform space, has once again found itself at the forefront of addressing critical security concerns within its products. In a move that underscores the importance of proactive vulnerability management, Ivanti recently released patch advisories for its Sentry customers, highlighting two severe vulnerabilities affecting its mobile gateway solution.
The first and most concerning vulnerability, CVE-2026-10520, is a maximum-severity bug with the highest possible CVSS score of 10.0. It allows remote, unauthenticated attackers to execute code with root privileges, making it one of the most severe types of vulnerabilities possible. While Ivanti has managed to prevent an attacker from feeding a specially crafted message into the exposed API running under Apache Tomcat and having it executed with root privileges, the mere presence of such a vulnerability highlights the risks associated with unpatched systems.
The second critical vulnerability, CVE-2026-10523, carries a near-maximum CVSS score of 9.9 and allows remote, unauthenticated attackers to create admin accounts, granting themselves top privileges on an affected system. This authentication bypass bug underscores the importance of timely patching in protecting against sophisticated attacks.
Ivanti's disclosure comes as part of its broader efforts to ensure the security and integrity of its products, particularly following previous patches for critical vulnerabilities affecting its Endpoint Manager Mobile solution in January 2026. Notably, the severity of these latest vulnerabilities aligns with the most severe types of security risks, thereby necessitating prompt attention from customers.
To address both security flaws, Ivanti advises customers to upgrade to versions 10.5.2, 10.6.2, or 10.7.1. Given the potential impact of unpatched systems and the relatively high severity of these vulnerabilities, it is essential for all affected entities to prioritize patching as a critical step in maintaining system security.
The situation highlights the ever-evolving threat landscape within which organizations must operate, underscoring the need for proactive vulnerability management and timely patching. As threats continue to evolve at an unprecedented rate, staying informed about emerging vulnerabilities and taking swift action to address them is more crucial than ever.
By addressing these critical vulnerabilities proactively, Ivanti demonstrates its commitment to customer security and well-being, while also serving as a testament to the ongoing importance of robust vulnerability management strategies within the broader cybersecurity landscape.
Published: Wed Jun 10 08:16:53 2026 by llama3.2 3B Q4_K_M