What is the CVSS score of EUVD-2026-35441?

EUVD-2026-35441 has a CVSS 3.1 base score of 9.9 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H. EPSS exploitation probability: 0.3%.

Which versions of Ivanti Sentry are affected by EUVD-2026-35441?

Ivanti Sentry (mobile device management gateway) contains a critical authentication bypass (CVE-2026-10523, CVSS 9.9) that enables remote attackers to create arbitrary administrative accounts with…

Is there a public PoC exploit available for EUVD-2026-35441?

Yes, a public proof-of-concept exploit is available for EUVD-2026-35441. Prioritise patching immediately. EPSS: 0.3%.

How to fix or mitigate EUVD-2026-35441?

Within 24 hours: Identify and inventory all Ivanti Sentry deployments; assess network exposure; enable enhanced logging for administrative account creation activity. Within 7 days: Restrict network access to Sentry management interfaces to authorized personnel only; conduct forensic review of administrative accounts for unauthorized creation. Within 30 days: Monitor Ivanti security advisories for vendor-released patches targeting R10.5.2, R10.6.2, and R10.7.1; apply immediately upon availability; escalate to Ivanti support if patches remain unavailable.

Ivanti Sentry EUVD-2026-35441

| CVE-2026-10523 CRITICAL

Authentication Bypass Using an Alternate Path or Channel (CWE-288)

2026-06-09 ivanti

GHSA-8fc8-rw5j-9rcq

Authentication Bypass Ivanti

9.9

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

9.9 CRITICAL

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

ENISA EUVD

CRITICAL

qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Jun 09, 2026 - 15:45 vuln.today

CVE Published

Jun 09, 2026 - 14:16 nvd

CRITICAL 9.9

DescriptionCVE.org

An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access

Articles & Coverage 4

labs.watchtowr.com Ivanti Sentry Pre-Auth RCE (CVE-2026-10520) and Auth Bypass (CVE-2026-10523) - CVSS 10 Dual Vulnerabilities Jun 10, 2026 News 3 New Ivanti Vulnerabilities - 2 Critical, 1 High Severity Jun 10, 2026 POC Ivanti Sentry Auth Bypass + RCE PoC: CVE-2026-10520 & CVE-2026-10523 Jun 09, 2026 News Critical Authentication Bypass in Ivanti Sentry - CVE-2026-10523 Jun 09, 2026

AnalysisAI

Authentication bypass in Ivanti Sentry prior to R10.5.2, R10.6.2, and R10.7.1 allows remote attackers to create arbitrary administrative accounts and gain full admin control of the mobile management gateway. The flaw is rated CVSS 9.9 with a scope-changed vector, indicating compromise extends beyond the immediate vulnerable component. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Reach Sentry admin interface over network

Delivery

Send crafted request bypassing authentication

Exploit

Invoke administrator-creation function

Execution

Persist

Reconfigure tunnels and extract credentials

Impact

Pivot into Exchange/ActiveSync backend

Access

Reach Sentry admin interface over network

Delivery

Send crafted request bypassing authentication

Exploit

Invoke administrator-creation function

Execution

Persist

Reconfigure tunnels and extract credentials

Impact

Pivot into Exchange/ActiveSync backend

Vulnerability AssessmentAI

Exploitation	The attacker must have network reachability to the Ivanti Sentry administrative interface (the management port, typically TCP 8443, rather than the device-facing data port) on a Sentry instance running any build older than R10.5.2, R10.6.2, or R10.7.1. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	Signals are strongly aligned toward high real-world risk: CVSS 9.9 with AV:N/AC:L, scope-changed (S:C), and full CIA impact reflects trivial network exploitation that escalates beyond Sentry itself into the managed mobile/email infrastructure it fronts. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker who can reach the Sentry management interface over the network sends a crafted request to the affected admin endpoint that bypasses authentication, then invokes the account-creation function to add a new administrator with a chosen password. They log in as that administrator, reconfigure tunneling/Kerberos settings or extract credentials, and pivot into the Exchange/ActiveSync infrastructure Sentry fronts. …
Remediation	Vendor-released patches: upgrade to Ivanti Sentry R10.5.2, R10.6.2, or R10.7.1 on the matching maintenance branch per the advisory at https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2026-10520-CVE-2026-10523. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify and inventory all Ivanti Sentry deployments; assess network exposure; enable enhanced logging for administrative account creation activity. …

Threat intelligence, references, and detailed analysis are available after sign-in.

EUVD-2026-35441 vulnerability details – vuln.today

Back

Ivanti Sentry EUVD-2026-35441

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

Articles & Coverage 4

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Share

External POC / Exploit Code