Source: Ministry of education information & communication security contingency platform
"" "" ""
| Publication Number | TACERT-ANA-2026061201060303 | Publication Time | 2026-06-12 13:22:04 |
| Incident Type | ANA-Vulnerability Alert | Discovery Time | 2026-06-12 13:22:04 |
| Impact Level | Low | ||
| [Subject] 【Vulnerability Alert】Ivanti Sentry Has Two Critical Cybersecurity Vulnerabilities |
|||
| [Content]
Forwarded from TWCERTCC Security Advisory TWCERTCC-200-202606-00000006 Recently, Ivanti released a critical security vulnerability advisory for its Sentry product. 【CVE-2026-10520, CVSS: 10.0】 This vulnerability is an operating system command injection vulnerability that allows an unauthenticated remote user to execute remote code with root privileges. 【CVE-2026-10523, CVSS: 9.9】 This vulnerability is an authentication bypass vulnerability that allows an unauthenticated remote attacker to create arbitrary administrator accounts and obtain full administrator privileges. Information Sharing Level: WHITE (the intelligence content is information that may be publicly disclosed) |
|||
| [Affected Platform]
Ivanti Sentry version 10.5.1 and earlier Ivanti Sentry version 10.6.1 and earlier Ivanti Sentry version 10.7.0 and earlier |
|||
| [Recommended Actions]
Please update to the following versions: Ivanti Sentry version 10.5.2 or later, inclusive Ivanti Sentry version 10.6.2 or later, inclusive Ivanti Sentry version 10.7.1 or later, inclusive |
|||
|
[Reference] |
|||