[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-10523":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-09T17:05:28.702Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":262,"aliases":263,"duplicate_of":9,"upstream":264,"downstream":265,"duplicates":266,"related":267,"reserved_at":9,"published_at":268,"modified_at":269,"state":270,"summary":271,"references_raw":278,"kevs":284,"epss":9,"epss_history":285,"metrics":286,"affected":294},"CVE-2026-10523","An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-288","Authentication Bypass Using an Alternate Path or Channel","The product requires authentication, but the product has an alternate path or channel that does not require authentication.","weakness","Incomplete","Base",[19,81],{"id":20,"name":21,"techniques":22},"CAPEC-127","Directory Indexing",[23],{"id":24,"name":25,"tactics":26,"countermeasures":30},"T1083","File and Directory Discovery",[27],{"id":28,"name":29},"TA0102","Discovery",[31,36,40,45,50,55,60,65,69,73,77],{"id":32,"name":33,"tactic":34},"D3-FA","File Analysis",{"name":35},"Detect",{"id":37,"name":38,"tactic":39},"D3-FIM","File Integrity Monitoring",{"name":35},{"id":41,"name":42,"tactic":43},"D3-FEV","File Eviction",{"name":44},"Evict",{"id":46,"name":47,"tactic":48},"D3-DF","Decoy File",{"name":49},"Deceive",{"id":51,"name":52,"tactic":53},"D3-FE","File Encryption",{"name":54},"Harden",{"id":56,"name":57,"tactic":58},"D3-RF","Restore File",{"name":59},"Restore",{"id":61,"name":62,"tactic":63},"D3-LFP","Local File Permissions",{"name":64},"Isolate",{"id":66,"name":67,"tactic":68},"D3-CF","Content Filtering",{"name":64},{"id":70,"name":71,"tactic":72},"D3-RFAM","Remote File Access Mediation",{"name":64},{"id":74,"name":75,"tactic":76},"D3-CQ","Content Quarantine",{"name":64},{"id":78,"name":79,"tactic":80},"D3-CM","Content Modification",{"name":64},{"id":82,"name":83,"techniques":84},"CAPEC-665","Exploitation of Thunderbolt Protection Flaws",[85,120,159],{"id":86,"name":87,"tactics":88,"countermeasures":95},"T1211","Exploitation for Stealth",[89,92],{"id":90,"name":91},"TA0030","Defense Evasion",{"id":93,"name":94},"TA0005","Stealth",[96,100,104,108,112,116],{"id":97,"name":98,"tactic":99},"D3-MBT","Memory Boundary Tracking",{"name":35},{"id":101,"name":102,"tactic":103},"D3-PCSV","Process Code Segment Verification",{"name":35},{"id":105,"name":106,"tactic":107},"D3-SSC","Shadow Stack Comparisons",{"name":35},{"id":109,"name":110,"tactic":111},"D3-PSEP","Process Segment Execution Prevention",{"name":54},{"id":113,"name":114,"tactic":115},"D3-SAOR","Segment Address Offset Randomization",{"name":54},{"id":117,"name":118,"tactic":119},"D3-SFCV","Stack Frame Canary Validation",{"name":54},{"id":121,"name":122,"tactics":123,"countermeasures":129},"T1542.002","Component Firmware",[124,125,126],{"id":90,"name":91},{"id":93,"name":94},{"id":127,"name":128},"TA0110","Persistence",[130,135,139,143,147,151,155],{"id":131,"name":132,"tactic":133},"D3-SWI","Software Inventory",{"name":134},"Model",{"id":136,"name":137,"tactic":138},"D3-AVE","Asset Vulnerability Enumeration",{"name":134},{"id":140,"name":141,"tactic":142},"D3-FEMC","Firmware Embedded Monitoring Code",{"name":35},{"id":144,"name":145,"tactic":146},"D3-FV","Firmware Verification",{"name":35},{"id":148,"name":149,"tactic":150},"D3-FBA","Firmware Behavior Analysis",{"name":35},{"id":152,"name":153,"tactic":154},"D3-SU","Software Update",{"name":54},{"id":156,"name":157,"tactic":158},"D3-RS","Restore Software",{"name":59},{"id":160,"name":161,"tactics":162,"countermeasures":171},"T1556","Modify Authentication Process",[163,164,167,168],{"id":90,"name":91},{"id":165,"name":166},"TA0112","Defense Impairment",{"id":127,"name":128},{"id":169,"name":170},"TA0031","Credential Access",[172,176,180,184,186,188,192,196,200,204,206,210,214,218,222,224,226,228,232,234,236,238,240,242,246,250,254,258],{"id":173,"name":174,"tactic":175},"D3-CI","Configuration Inventory",{"name":134},{"id":177,"name":178,"tactic":179},"D3-NTPM","Network Traffic Policy Mapping",{"name":134},{"id":181,"name":182,"tactic":183},"D3-AM","Access Modeling",{"name":134},{"id":32,"name":33,"tactic":185},{"name":35},{"id":37,"name":38,"tactic":187},{"name":35},{"id":189,"name":190,"tactic":191},"D3-PLA","Process Lineage Analysis",{"name":35},{"id":193,"name":194,"tactic":195},"D3-PSMD","Process Self-Modification Detection",{"name":35},{"id":197,"name":198,"tactic":199},"D3-PSA","Process Spawn Analysis",{"name":35},{"id":201,"name":202,"tactic":203},"D3-SFA","System File Analysis",{"name":35},{"id":41,"name":42,"tactic":205},{"name":44},{"id":207,"name":208,"tactic":209},"D3-PT","Process Termination",{"name":44},{"id":211,"name":212,"tactic":213},"D3-PS","Process Suspension",{"name":44},{"id":215,"name":216,"tactic":217},"D3-HR","Host Reboot",{"name":44},{"id":219,"name":220,"tactic":221},"D3-HS","Host Shutdown",{"name":44},{"id":46,"name":47,"tactic":223},{"name":49},{"id":51,"name":52,"tactic":225},{"name":54},{"id":56,"name":57,"tactic":227},{"name":59},{"id":229,"name":230,"tactic":231},"D3-RC","Restore Configuration",{"name":59},{"id":66,"name":67,"tactic":233},{"name":64},{"id":61,"name":62,"tactic":235},{"name":64},{"id":70,"name":71,"tactic":237},{"name":64},{"id":74,"name":75,"tactic":239},{"name":64},{"id":78,"name":79,"tactic":241},{"name":64},{"id":243,"name":244,"tactic":245},"D3-KBPI","Kernel-based Process Isolation",{"name":64},{"id":247,"name":248,"tactic":249},"D3-SCF","System Call Filtering",{"name":64},{"id":251,"name":252,"tactic":253},"D3-HBPI","Hardware-based Process Isolation",{"name":64},{"id":255,"name":256,"tactic":257},"D3-ABPI","Application-based Process Isolation",{"name":64},{"id":259,"name":260,"tactic":261},"D3-WSAM","Web Session Access Mediation",{"name":64},[],[],[],[],[],[],"2026-06-09T14:16:41.255Z","2026-06-09T15:39:25.402Z","Received",{"cisa_kev":272,"cisa_ransomware":272,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":273,"severity_score":274,"severity_version":275,"severity_source":276,"severity_vector":277,"severity_status":270},false,"critical",9.9,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",[279],{"url":280,"sources":281,"tags":283},"https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2026-10520-CVE-2026-10523?language=en_US",[276,282],"nvd",[],[],[],[287,292],{"source":276,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":288,"cvss_v4_0":9},{"baseScore":274,"baseSeverity":289,"vectorString":277,"impactScore":290,"exploitabilityScore":291},"CRITICAL",10,7.9,{"source":282,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":293,"cvss_v4_0":9},{"baseScore":274,"baseSeverity":289,"vectorString":277,"impactScore":290,"exploitabilityScore":291},[]]