Ivanti, Fortinet, and SAP Address Critical Vulnerabilities with Urgent Patches
Ivanti, Fortinet, and SAP have released patches for multiple critical vulnerabilities, including command injection and authentication bypass flaws, that could lead to arbitrary code execution and data compromise.

Multiple major technology vendors, including Ivanti, Fortinet, and SAP, have issued urgent security updates to address a range of critical vulnerabilities. These flaws, if exploited, could allow unauthenticated attackers to execute arbitrary code, bypass authentication mechanisms, and gain unauthorized access to sensitive systems and data.
Fortinet has released a patch for a critical command injection vulnerability (CVE-2026-25089) affecting its FortiSandbox products. With a CVSS score of 9.1, this flaw resides in the web user interface and can be exploited by an unauthenticated attacker through specially crafted HTTP requests to execute unauthorized commands on the underlying operating system. The vulnerability impacts several versions of FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS, with users advised to upgrade to the latest available versions.
Ivanti has also addressed two severe vulnerabilities in Ivanti Sentry (formerly MobileIron Sentry). The first, CVE-2026-10520, is an operating system command injection flaw with a CVSS score of 10.0, enabling remote, unauthenticated attackers to achieve root-level remote code execution. The second, CVE-2026-10523, a critical authentication bypass vulnerability (CVSS 9.9), allows unauthenticated remote attackers to create arbitrary administrative accounts, granting them full administrative access. Researchers from WatchTowr Labs detailed that CVE-2026-10520 can be exploited via a specific HTTP request to a particular endpoint. Ivanti's patch not only closes the vulnerable execution path but also adds an authentication layer to the endpoint.
SAP has rolled out fixes for four critical vulnerabilities across its product suite, including NetWeaver AS ABAP, ABAP Platform, SAP Commerce Cloud, and SAP Data Hub. These include CVE-2026-44748 (CVSS 9.9), an XML signature wrapping vulnerability in SAML authentication, which could lead to unauthorized access to sensitive data. CVE-2026-27671 (CVSS 9.8) is a memory corruption vulnerability in the Application Server ABAP, exploitable via crafted RFC requests. Additionally, CVE-2026-22732 (CVSS 9.1) relates to a potential Spring security issue in SAP Commerce Cloud and SAP Data Hub, and CVE-2026-40128 (CVSS 9.0) is a directory traversal vulnerability in SAP NetWeaver Application Server Java.
The SAP vulnerabilities, particularly CVE-2026-44748, allow authenticated attackers to manipulate signed XML documents so that the application consumes an unsigned assertion while the signature still verifies, letting them impersonate other users and gain unauthorized access. The memory corruption flaw (CVE-2026-27671) can be triggered by an unauthenticated attacker sending a specially crafted RFC request that abuses a flaw in how the SAP kernel validates RFC protocol messages.
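To make the signature-wrapping risk named above concrete, the following is an added example (not SAP's code and not tied to the internals of CVE-2026-44748) of the structural check a SAML consumer needs: the assertion it acts on must be the very element the signature references. Cryptographic verification of the signature is assumed to happen separately and is not implemented here; the two SAML responses are constructed samples.

```python
import xml.etree.ElementTree as ET

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample: one Assertion, and the Signature references it by ID.
GOOD_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#A1"/></ds:SignedInfo></ds:Signature>
  <saml:Assertion ID="A1"><saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject></saml:Assertion>
</samlp:Response>"""

# Constructed sample of the wrapping pattern: an extra, unsigned Assertion (A2)
# appears first, while the signed Assertion (A1) is still present and intact.
WRAPPED_RESPONSE = GOOD_RESPONSE.replace(
    "<saml:Assertion ID=\"A1\">",
    "<saml:Assertion ID=\"A2\"><saml:Subject><saml:NameID>bob</saml:NameID>"
    "</saml:Subject></saml:Assertion><saml:Assertion ID=\"A1\">",
)


def first_assertion_id(xml_text: str) -> str:
    """Naive consumer: takes whatever Assertion comes first in the document.
    With WRAPPED_RESPONSE this returns A2, which no signature covers."""
    root = ET.fromstring(xml_text)
    return root.find(".//saml:Assertion", NS).get("ID")


def signed_assertion_id(xml_text: str):
    """Hardened consumer: returns the ID of the Assertion the Signature
    references, or None if the document's structure is not exactly that.
    Assumes the signature's cryptographic validity was checked elsewhere."""
    root = ET.fromstring(xml_text)
    refs = root.findall(".//ds:Signature/ds:SignedInfo/ds:Reference", NS)
    if len(refs) != 1:
        return None  # exactly one signed reference expected
    uri = refs[0].get("URI", "")
    if not uri.startswith("#"):
        return None  # only same-document ID references are accepted
    assertions = root.findall(".//saml:Assertion", NS)
    # Exactly one Assertion, and it must carry the ID the signature covers.
    if len(assertions) != 1 or assertions[0].get("ID") != uri[1:]:
        return None
    return uri[1:]
```

Run against the two constructed responses, the naive consumer accepts the unsigned assertion in the wrapped document while the hardened check rejects the document outright.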
While there is currently no public evidence that these specific vulnerabilities have been actively exploited in the wild, the critical nature and high CVSS scores of these flaws underscore the importance of prompt patching. Organizations utilizing affected Ivanti Sentry, Fortinet FortiSandbox, and SAP products are strongly advised to apply the released security updates immediately to mitigate the risk of exploitation.
These disclosures highlight a persistent trend of critical vulnerabilities being discovered and patched across widely used enterprise software. The complexity of these systems often leads to multiple, severe security flaws being present, requiring continuous vigilance and robust patch management strategies from both vendors and their customers.