Ivanti, Fortinet, and SAP have issued crucial security updates, addressing several severe vulnerabilities that pose risks of code execution and data breaches. Organizations using these technologies are advised to apply the patches without delay to mitigate potential security threats.
Fortinet’s Response to Critical Vulnerability
Fortinet has tackled a significant command injection vulnerability identified in FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS WEB UI, designated as CVE-2026-25089 with a CVSS score of 9.1. This flaw allows unauthenticated attackers to execute arbitrary commands via specially crafted HTTP requests.
The affected FortiSandbox versions are 5.0.0 through 5.0.5 and 4.4.0 through 4.4.8; Fortinet recommends updating these to version 5.0.6 or higher. FortiSandbox Cloud and PaaS users are similarly advised to upgrade to 5.0.6 or newer.
Ivanti’s Critical Security Fixes
On Tuesday, Ivanti released fixes for two critical vulnerabilities in Ivanti Sentry, previously known as MobileIron Sentry. The vulnerabilities, CVE-2026-10520 and CVE-2026-10523, carry CVSS scores of 10.0 and 9.9, respectively. These flaws could enable remote code execution and unauthorized administrative access if left unpatched.
The update adds authentication layers that block unauthenticated access to the vulnerable endpoints, which significantly increases the difficulty for attackers attempting to exploit these vulnerabilities.
SAP’s Security Enhancements
SAP has also released patches for critical vulnerabilities within its NetWeaver AS ABAP, ABAP Platform, SAP Commerce Cloud, and SAP Data Hub. The vulnerabilities, which include XML signature wrapping and memory corruption issues, have CVSS scores ranging from 9.0 to 9.9.
Exploitation of these flaws could result in unauthorized access and system disruptions. SAP advises all users to implement the latest updates to secure their systems against potential threats.
Although there is no immediate evidence of these SAP vulnerabilities being exploited in the wild, applying the updates is deemed a best practice to ensure robust security.
Exploitation and Responses
The Shadowserver Foundation has observed attempts to exploit Ivanti Sentry’s CVE-2026-10520, with reports indicating some compromised instances. Consequently, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added this vulnerability to its Known Exploited Vulnerabilities catalog, requiring federal agencies to apply the fixes by June 14.
Additionally, Ivanti noted that exploitation requires access to the management port, which is typically not exposed to the internet. Implementing multi-factor authentication and restricted access can further enhance security.
Organizations are urged to prioritize these updates to safeguard against emerging threats and maintain system integrity.
