Ce mail provient de l'extérieur, restons vigilants ===================================================================== CERT-Renater Note d'Information No. 2026/VULN614 _____________________________________________________________________ DATE : 11/06/2026 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running Ivanti Sentry versions prior to 10.5.2, 10.6.2, 10.7.1. ===================================================================== https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2026-10520-CVE-2026-10523?language=en_US _____________________________________________________________________ Security Advisory Ivanti Sentry (CVE-2026-10520, CVE-2026-10523) Primary Product Sentry Categories Security/Vulnerability Issue Created Date Jun 9, 2026 2:00:52 PM Last Modified Date Jun 9, 2026 2:13:40 PM Ivanti has released updates for Ivanti Sentry which addresses two critical vulnerabilities. We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure. Vulnerability Details: CVE Number Description CVSS Score (Severity) CVSS Vector CWE CVE-2026-10520 An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution 10 (Critical) CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CWE-78 CVE-2026-10523 An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access 9.9(Critical) CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CWE-288 Affected Versions Product Name Affected Version(s) Resolved Version(s) Patch Availability Ivanti Sentry 10.5.1, 10.6.1, 10.7.0 and prior 10.5.2, 10.6.2 and 10.7.1 Download Portal (Login Required) See detailed instructions below. Solution Customers can resolve these vulnerabilities by updating their appliance to one of the fixed versions. The new versions can be found at the following links: 10.5.2: New Sentry Instance: https://support.mobileiron.com/mi/sentry/10.5.2-3/sentry-mobileiron-10.5.2-3.iso Updating existing Sentry appliance: https://support.mobileiron.com/mi/sentry/10.5.2-3/ 10.6.2: New Sentry Instance: https://support.mobileiron.com/mi/sentry/10.6.2-4/sentry-mobileiron-10.6.2-4.iso Updating existing Sentry appliance: https://support.mobileiron.com/mi/sentry/10.6.2-4/ 10.7.1: New Sentry Instance: https://support.mobileiron.com/mi/sentry/10.7.1-3/sentry-mobileiron-10.7.1-3.iso Updating existing Sentry appliance: https://support.mobileiron.com/mi/sentry/10.7.1-3/ Acknowledgements Ivanti would like to thank the following for reporting the relevant issues and for working with Ivanti to help protect our customers: Bryan Lam (CVE-2026-10523) Note: Ivanti is dedicated to ensuring the security and integrity of our enterprise software products. We recognize the vital role that security researchers, ethical hackers, and the broader security community play in identifying and reporting vulnerabilities. Visit HERE to learn more about our Vulnerability Disclosure Policy. FAQ Are you aware of any active exploitation of these vulnerabilities? We are not aware of any customers being exploited by these vulnerabilities prior to public disclosure. These vulnerabilities were disclosed through our responsible disclosure program. How can I tell if I have been compromised? Currently, there is no known public exploitation of this vulnerability that could be used to provide a list of indicators of compromise. What should I do if I need help?  If you have questions after reviewing this information, you can log a case and/or request a call via the Ivanti Innovators Hub. Article Number : 000107123 Article Promotion Level Normal ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================