// #cve-2026-10523
2 articles
Ivanti Sentry CVE-2026-10523 (CVSS 9.9): Second Critical Flaw Chains with CVE-2026-10520 for Complete Device Takeover
Ivanti has disclosed a second critical vulnerability in Sentry — CVE-2026-10523, an authentication bypass scoring CVSS 9.9 — that chains with the previously patched CVE-2026-10520 (CVSS 10.0) to enable complete unauthenticated takeover of the MDM gateway. Organisations that deployed the initial patch must apply additional updates; the two CVEs affect overlapping but distinct code paths.
Ivanti Sentry CVE-2026-10520: CVSS 10.0 Pre-Authentication RCE Exploited After PoC Release
Ivanti has disclosed CVE-2026-10520, a CVSS 10.0 pre-authentication remote code execution vulnerability in Ivanti Sentry (formerly MobileIron Sentry) that is being actively exploited following public proof-of-concept release. A companion OS command injection flaw CVE-2026-10523 (CVSS 9.4) affects the same platform. Both require immediate action for all organisations running Ivanti Sentry in their mobile device management infrastructure.