Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities
Summary
Ivanti, Fortinet, and SAP have issued security updates to address several critical vulnerabilities. These flaws could lead to arbitrary code execution and information disclosure. The vulnerabilities affect products like FortiSandbox, Ivanti Sentry, and various SAP platforms, with CVSS scores ranging up to 10.0.
Full text
Ravie Lakshmanan | Jun 10, 2026 | Vulnerability / Patch Management

Fortinet, Ivanti, and SAP have released security updates to address multiple critical security vulnerabilities that could result in arbitrary code execution and information disclosure.

The security flaw patched by Fortinet relates to a command injection vulnerability in the FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS WEB UI. It's tracked as CVE-2026-25089 (CVSS score: 9.1).

"An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiSandbox, FortiSandbox Cloud and FortiSandbox PaaS WEB UI may allow an unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP requests," Fortinet said.

The issue impacts the following products and versions:

- FortiSandbox 5.0.0 through 5.0.5 (upgrade to 5.0.6 or above)
- FortiSandbox 4.4.0 through 4.4.8 (upgrade to 4.4.9 or above)
- FortiSandbox Cloud 5.0.4 through 5.0.5 (upgrade to 5.0.6 or above)
- FortiSandbox PaaS 5.0.4 through 5.0.5 (upgrade to 5.0.6 or above)

On Tuesday, Ivanti also published fixes for two critical security flaws impacting Ivanti Sentry (formerly MobileIron Sentry):

- CVE-2026-10520 (CVSS score: 10.0) - An operating system command injection vulnerability before versions R10.5.2, R10.6.2, and R10.7.1 that allows a remote unauthenticated user to achieve root-level remote code execution.
- CVE-2026-10523 (CVSS score: 9.9) - An authentication bypass vulnerability before versions R10.5.2, R10.6.2, and R10.7.1 that allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access.
watchTowr Labs, which published additional details of CVE-2026-10520, said an attacker could exploit the vulnerability by issuing a specially crafted HTTP request to the "/mics/api/v2/sentry/mics-config/handleMessage" endpoint, which is then interpreted as a MICS configuration command and executed by a backend component named "handleExecute()." The patch shipped by Ivanti incorporates additional controls that block access to the vulnerable endpoint, causing unauthenticated requests to be redirected to the login page.

"Ivanti did not just remove attacker control over the vulnerable execution path," security researcher Sonny Macdonald said. "They also added a layer of protection in front of it to make reaching the endpoint significantly more difficult. In other words: they added authentication."

Rounding off the list of updates is SAP, which pushed out fixes for four critical vulnerabilities in NetWeaver AS ABAP and ABAP Platform, as well as SAP Commerce Cloud and SAP Data Hub:

- CVE-2026-44748 (CVSS score: 9.9) - XML signature wrapping vulnerability in SAML authentication in SAP NetWeaver AS ABAP and ABAP Platform
- CVE-2026-27671 (CVSS score: 9.8) - Memory corruption vulnerability in Application Server ABAP of SAP NetWeaver and ABAP Platform
- CVE-2026-22732 (CVSS score: 9.1) - Potential Spring security vulnerability within SAP Commerce Cloud and SAP Data Hub
- CVE-2026-40128 (CVSS score: 9.0) - Directory traversal vulnerability in SAP NetWeaver Application Server Java (Web Container)

"The application allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents with tampered identity information to the verifier," SAP security company Onapsis said. "Due to an improper XML signature verification, the manipulated identity information is accepted, leading to unauthorized access to sensitive user data and potential disruption of normal system usage."
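As an added illustration of the signature-wrapping class Onapsis describes (example code, not from the article, SAP or Onapsis): a constructed SAML response is parsed two ways, by a naive verifier that trusts the first Assertion it finds and by a hardened one that only accepts identity data from the element the ds:Reference actually covers and rejects any assertion the signature does not cover. The cryptographic check of the signature itself is assumed to be done by a real XML-DSig library and is not shown.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
ASSERTION = "{%s}Assertion" % NS["saml"]

# Constructed sample: one signed assertion for "alice". The enveloped
# signature is reduced to the Reference it carries; real cryptographic
# verification is assumed to happen elsewhere and is not shown here.
BENIGN = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <saml:Assertion ID="_a1">
    <ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo></ds:Signature>
    <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""

# Constructed wrapped variant: the original signed assertion is left intact
# (so the signature still verifies) and an unsigned assertion naming
# "admin" is inserted ahead of it in document order.
WRAPPED = BENIGN.replace(
    '<saml:Assertion ID="_a1">',
    '<saml:Assertion ID="_x9"><saml:Subject><saml:NameID>admin</saml:NameID>'
    '</saml:Subject></saml:Assertion>\n  <saml:Assertion ID="_a1">', 1)

def naive_subject(xml_text):
    """Vulnerable pattern: trust the first Assertion in document order."""
    root = ET.fromstring(xml_text)
    return root.find(".//saml:Assertion/saml:Subject/saml:NameID", NS).text

def signed_subject(xml_text):
    """Hardened pattern: resolve the ds:Reference URI, require the signature
    to sit inside that element, and reject any assertion it does not cover."""
    root = ET.fromstring(xml_text)
    parent = {c: p for p in root.iter() for c in p}
    sigs = root.findall(".//ds:Signature", NS)
    if len(sigs) != 1:
        raise ValueError("expected exactly one signature")
    uri = sigs[0].find("ds:SignedInfo/ds:Reference", NS).get("URI", "")
    if not uri.startswith("#"):
        raise ValueError("only same-document ID references are accepted")
    hits = [e for e in root.iter() if e.get("ID") == uri[1:]]
    if len(hits) != 1 or hits[0].tag != ASSERTION or parent[sigs[0]] is not hits[0]:
        raise ValueError("signature does not cover a unique Assertion")
    if any(a is not hits[0] for a in root.iter(ASSERTION)):
        raise ValueError("document contains assertions the signature does not cover")
    return hits[0].find("saml:Subject/saml:NameID", NS).text
```

On the wrapped document the naive verifier returns "admin" while the hardened one raises; only the benign document yields "alice" from both.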
As for CVE-2026-27671, the defect allows an unauthenticated attacker to send a crafted RFC request that exploits how the SAP kernel validates the RFC protocol to achieve memory corruption.

There is no evidence that any of the aforementioned flaws have been exploited in the wild. However, it's always a safe practice to update to the latest version for optimal protection.
Indicators of Compromise
- cve — CVE-2026-25089
- cve — CVE-2026-10520
- cve — CVE-2026-10523
- cve — CVE-2026-44748
- cve — CVE-2026-27671
- cve — CVE-2026-22732
- cve — CVE-2026-40128