Ivanti Sentry
5 CVEs affecting Ivanti Sentry. Latest disclosed: 2026-06-09. Critical: 2, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-10520 | Critical | 10.0 | 2026-06-09 | An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-le… |
CVE-2026-10523 | Critical | 9.9 | 2026-06-09 | An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to… |
CVE-2024-8540 | High | 8.8 | 2024-12-10 | Insecure permissions in Ivanti Sentry before versions 9.20.2 and 10.0.2 or 10.1.0 allow a local authenticated attacker to modify sensitive application componen… |
CVE-2023-41724 | High | 8.8 | 2024-03-31 | A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows unauthenticated threat actor to execute arbitrary commands on the underlying operatin… |
CVE-2023-39338 | Medium | 6.8 | 2025-07-12 | Enables an authenticated user (enrolled device) to access a service protected by Sentry even if they are not authorized according to the sentry policy to acces… |