CVE-2026-10523 – Ivanti Sentry and Endpoint Manager Mobile

CVSS 9.9 CRITICAL Critical or Zero Day – Immediate Deployment

“These vulnerabilities put Ivanti systems at risk of root-level control and full administrative takeover.”

Ivanti patched three vulnerabilities affecting Sentry and Endpoint Manager Mobile. CVE-2026-10520 has a CVSS score of 10.0, which is Critical severity. CVE-2026-10523 has a CVSS score of 9.9, which is Critical severity. CVE-2026-10727 has a CVSS score of 7.2, which is High severity.

The Sentry issues can allow a remote unauthenticated attacker to achieve root-level remote code execution or create arbitrary administrative accounts for full administrative access. The Endpoint Manager Mobile issue can allow a remote authenticated attacker to execute arbitrary commands as root. No verified exploitation, zero-day activity, or public proof-of-concept activity has been confirmed.

Key Details

Affected Product
Ivanti Standalone Sentry
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
CWE Classification
CWE-288
Patch this CVE on all your endpoints in under 5 minutes. First 200 endpoints are free forever, scale as needed.