Multiple technology giants, including Fortinet, Ivanti, and SAP, have issued critical security updates to address severe vulnerabilities. These flaws, if exploited, could empower unauthenticated attackers to execute arbitrary code remotely and gain unauthorized access to sensitive information. The swift action by these vendors underscores the ongoing challenges in maintaining robust cybersecurity defenses against sophisticated threats.
The vulnerabilities patched range across diverse product lines, from network security appliances to enterprise resource planning systems. While there is currently no evidence of active exploitation in the wild, experts strongly advise immediate application of these patches to mitigate potential risks and ensure the integrity of affected systems. Proactive patch management remains a cornerstone of effective cybersecurity strategy.
Critical Vulnerabilities Addressed by Fortinet, Ivanti, and SAP
Fortinet has released a fix for a critical command injection vulnerability affecting its FortiSandbox solutions. This flaw, tracked as CVE-2026-25089, carries a CVSS score of 9.1, indicating a high severity. The vulnerability resides within the web user interface of FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS products. An unauthenticated attacker could leverage this by sending specially crafted HTTP requests to execute unauthorized commands on susceptible systems.
The affected versions of FortiSandbox include 5.0.0 through 5.0.5, with users advised to upgrade to 5.0.6 or later. Similar recommendations apply to FortiSandbox 4.4.0 through 4.4.8 (upgrade to 4.4.9 or above) and the cloud-based offerings, FortiSandbox Cloud and FortiSandbox PaaS, where versions 5.0.4 through 5.0.5 require an update to 5.0.6 or newer.
Ivanti has concurrently addressed two critical security flaws impacting its Ivanti Sentry product, formerly known as MobileIron Sentry. The first, CVE-2026-10520, with a perfect CVSS score of 10.0, is an operating system command injection vulnerability. This allows a remote, unauthenticated user to achieve root-level remote code execution.
The second Ivanti vulnerability, CVE-2026-10523, rated at 9.9 CVSS, concerns an authentication bypass. This critical flaw permits a remote attacker who is not authenticated to create arbitrary administrative accounts, effectively granting them full administrative control over the system. Both vulnerabilities affect products prior to versions R10.5.2, R10.6.2, and R10.7.1.
Security researcher Sonny Macdonald, as reported by watchTowr Labs, detailed how CVE-2026-10520 could be exploited. An attacker could send a malicious HTTP request to a specific endpoint, which would then be interpreted as a command and executed by a backend component. Ivanti’s patch not only closes this execution path but also implements additional controls to make reaching the vulnerable endpoint significantly more difficult, effectively introducing an authentication layer.
SAP has also stepped in with security updates, patching four critical vulnerabilities. These impact SAP NetWeaver AS ABAP and ABAP Platform, SAP Commerce Cloud, and SAP Data Hub. The vulnerabilities include CVE-2026-44748 (9.9 CVSS), an XML signature wrapping vulnerability in SAML authentication; CVE-2026-27671 (9.8 CVSS), a memory corruption flaw in the Application Server ABAP; CVE-2026-22732 (9.1 CVSS), a potential Spring security vulnerability within SAP Commerce Cloud and SAP Data Hub; and CVE-2026-40128 (9.0 CVSS), a directory traversal vulnerability in SAP NetWeaver Application Server Java (Web Container).
According to the SAP security company Onapsis, the XML signature wrapping vulnerability (CVE-2026-44748) allows an authenticated attacker with normal privileges to manipulate signed XML documents. By sending modified documents with tampered identity information, and due to improper XML signature verification, the system could grant unauthorized access to sensitive user data and disrupt normal operations.
Regarding the memory corruption vulnerability (CVE-2026-27671), an unauthenticated attacker can exploit it by sending a crafted RFC request that leverages how the SAP kernel validates the RFC protocol, leading to memory corruption.
Implications and Next Steps for Patch Management
The continuous discovery of high-severity vulnerabilities across major software vendors highlights the persistent threat landscape. Organizations that rely on Fortinet, Ivanti, and SAP products are urged to prioritize the deployment of these latest security patches. Effective patch management is crucial for safeguarding against potential breaches that could lead to data theft, system downtime, and significant financial losses.
While no active exploitation of these specific vulnerabilities has been confirmed, the potential for widespread impact is considerable given the prevalence of these technologies in enterprise environments. Staying current with vendor security advisories and implementing a robust patch management program is no longer optional but a fundamental requirement for maintaining a secure operating posture.
The next expected step for organizations is the thorough assessment and deployment of these patches across their respective infrastructures. Staying vigilant and monitoring for any new developments or potential exploitation attempts will be critical in the coming weeks and months.