External risk intelligence

Ivanti Sentry Authentication Bypass Enables Full Administrative Access

CVE advisory

Severity: CRITICAL (CVSS 9.9)

CVE-2026-10523

An authentication bypass vulnerability in Ivanti Sentry could allow an unauthenticated remote attacker to create arbitrary administrative accounts and gain full administrative access. This issue is relevant if Ivanti Sentry is used and accessible.

Halo Surface Signal: 5

Authentication Bypass

External exposure likelihood

Ivanti Sentry is an internet-facing edge appliance designed to act as a gateway for mobile device management and secure access, making it a service intended to be deployed at the network edge with exposure to the public internet in normal operational use.

PCI scan relevance

PCI Relevance for CVE-2026-10523

Yes

CVE-2026-10523 — Halo PCI Relevance: Yes. Under typical PCI ASV external scan criteria, this issue may be flagged for scan prioritization.

This authentication bypass vulnerability allows attackers to gain administrative access, which is a type of issue that typically requires remediation for PCI compliance scans.

Scan-prioritization guidance only—not a PCI DSS certification or ASV attestation.

Horizon Alert

Summary of the vulnerability and why it matters

This vulnerability affects Ivanti Sentry, a product used for secure mobile access. It allows an attacker to bypass authentication, create new administrator accounts, and gain complete control of the system. The main concern is confirming if our environment uses this technology and is exposed.

  • Bypass authentication to gain administrative control.
  • Potential for unauthorized access and system takeover.
  • Confirm relevance and exposure within our environment.

Attack Path

How an attacker could exploit the issue

An attacker could exploit this vulnerability by remotely accessing Ivanti Sentry, a gateway for mobile device management. Because the vulnerability allows for authentication bypass, an unauthenticated attacker can create their own administrative accounts, granting them full control over the system.

  • Network access required.
  • Bypasses authentication mechanism.
  • Full administrative access gained.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability could allow an unauthenticated attacker to bypass authentication mechanisms, creating new administrative accounts. This access could enable unauthorized control and modification of the system.

  • Administrative accounts and system control.
  • Unauthenticated remote attacker bypass.
  • Full administrative access and system compromise.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

This critical authentication bypass vulnerability in Ivanti Sentry requires prompt attention from infrastructure or platform teams responsible for its management and security. The first step is to identify all deployed instances, assess their network exposure and business criticality, and locate the accountable owner. Remediation planning should then prioritize the most exposed and critical systems.

  • Infrastructure or platform teams own the issue.
  • Verify instance exposure and business criticality.
  • Plan remediation based on assessed risk.
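The triage described above, sketched as an added example (not vendor or Halo code): it drops instances confirmed at the fixed release, treats an unconfirmed version as still vulnerable, and orders the rest by exposure and then business criticality. The inventory fields, hostnames, owners and the `FIXED_VERSION` value are assumptions; the real fixed release must come from the vendor advisory.

```python
from dataclasses import dataclass
from typing import Optional

# PLACEHOLDER: replace with the fixed release named in the vendor advisory.
FIXED_VERSION = (99, 0, 0)

@dataclass
class Instance:
    host: str
    version: Optional[str]   # None when the version could not be confirmed
    internet_facing: bool
    criticality: int         # 1 = low ... 3 = high, set by the business owner
    owner: Optional[str]     # None when no accountable owner is recorded

def parse_version(text):
    """Return a comparable tuple, or None if the string is missing or malformed."""
    try:
        return tuple(int(part) for part in text.split("."))
    except (AttributeError, ValueError):
        return None

def needs_fix(inst, fixed=FIXED_VERSION):
    # An unconfirmed version is treated as vulnerable until proven otherwise.
    parsed = parse_version(inst.version)
    return parsed is None or parsed < fixed

def remediation_order(inventory, fixed=FIXED_VERSION):
    """Rank unpatched instances: internet-facing first, then by criticality."""
    pending = [i for i in inventory if needs_fix(i, fixed)]
    pending.sort(key=lambda i: (not i.internet_facing, -i.criticality, i.host))
    return [(i.host, i.owner or "UNASSIGNED") for i in pending]

# Constructed inventory: hostnames, versions and owners are made up.
INVENTORY = [
    Instance("sentry-lab", "98.1.0", False, 1, "platform-team"),
    Instance("sentry-dmz-1", "98.1.0", True, 3, "platform-team"),
    Instance("sentry-dmz-2", "99.0.0", True, 3, "platform-team"),
    Instance("sentry-branch", None, True, 2, None),
    Instance("sentry-internal", "98.4.2", False, 3, "infra-team"),
]

if __name__ == "__main__":
    for rank, (host, owner) in enumerate(remediation_order(INVENTORY), 1):
        print(f"{rank}. {host} (owner: {owner})")
```

An `UNASSIGNED` owner in the output marks an instance where the accountable owner still has to be located before remediation can be scheduled.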

Frequently asked questions

What is Ivanti Sentry?

Ivanti Sentry is an edge appliance that serves as a secure gateway for mobile device management. Organizations deploy it to broker communication between mobile devices and internal enterprise resources, ensuring that traffic is authorized and managed before it enters the core network.

What does CVE-2026-10523 mean?

This vulnerability is an authentication bypass, classified as CWE-288. It allows an attacker to circumvent the login process entirely. By exploiting this flaw, an unauthorized user can create their own administrative account, effectively granting them complete control over the appliance without needing legitimate credentials.

How can an attacker trigger this vulnerability?

An attacker needs network access to the Ivanti Sentry instance to exploit this flaw remotely. Because it is an authentication bypass, the attacker does not need existing user permissions or passwords. No action by a standard, authorized user is required to trigger the bug.

Do I need to worry if my Sentry instance is internet-facing?

Yes. According to Halo Surface Signal, Ivanti Sentry is designed as an edge gateway, meaning it is often deployed in positions where it faces the public internet. Because this flaw allows remote, unauthenticated access, any instance directly reachable from the outside world is at a significantly higher risk of compromise.

When should I take action for this vulnerability?

You should prioritize this immediately if you manage Ivanti Sentry infrastructure. Begin by locating all deployed instances in your environment and confirming their specific software versions. Once identified, assess their network connectivity and plan to apply the necessary version updates provided by the vendor to restore secure authentication.