In a critical move to enhance cybersecurity, Fortinet, Ivanti, and ServiceNow have released patches for a total of 15 vulnerabilities across their product lines. This update, rolled out on Tuesday, addresses several high-risk areas within their software systems.
ServiceNow Mitigates Critical RCE Flaw
ServiceNow has tackled a significant remote code execution (RCE) vulnerability within its AI platform, identified as CVE-2026-6875 with an impressive CVSS score of 9.5. This flaw could be exploited without requiring authentication, posing a considerable risk to users. The company has implemented a security update for hosted instances and has distributed necessary updates to their self-hosted customers and partners.
Ivanti Fixes Data Tool Vulnerabilities
Ivanti has addressed two security weaknesses in its Xtraction data aggregation and visualization tool, marked as CVE-2026-14902 and CVE-2026-14903. These include a medium-severity open redirect and a high-severity path traversal, which could potentially redirect users to unintended URLs and allow unauthorized access to files outside the designated web directory. Ivanti has assured users that there is no current evidence of these vulnerabilities being actively exploited.
Fortinet’s Comprehensive Security Updates
On the same day, Fortinet issued 11 security advisories concerning 12 vulnerabilities affecting various products such as FortiOS, FortiProxy, and FortiAuthenticator. The most severe issues involve high-severity bugs that could allow remote attackers to access sensitive data and virtual machine servers. Additionally, Fortinet has patched several medium- and low-severity vulnerabilities that could result in memory leaks and unauthorized command execution, among other issues.
Fortinet has not reported any instances of these security flaws being exploited in real-world attacks, yet the potential impact underscores the importance of these updates.
The proactive measures taken by Fortinet, Ivanti, and ServiceNow highlight the ongoing challenges and critical nature of maintaining robust cybersecurity practices in today’s digital landscape. Users are encouraged to apply these updates promptly to safeguard their systems against potential threats.
