
Ivanti patches critical Sentry flaws that lead to full device takeover
IT software provider Ivanti fixed two vulnerabilities in Ivanti Sentry, a secure mobile gateway appliance formerly called MobileIron Sentry. The flaws could allow unauthenticated remote attackers to gain complete control of deployments.
One of the vulnerabilities, CVE-2026-10523, credited to researcher Bryan Lam, allows attackers to bypass authentication and create arbitrary administrative accounts on appliances. The flaw is rated 9.9 out of 10 on the CVSS scale.
The second flaw, CVE-2026-10520, is a command injection issue that can lead to remote code execution with root privileges on the underlying OS. Because the vulnerability can be exploited remotely without authentic...