Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities
The Hacker NewsArchived Jun 10, 2026✓ Full text saved
Fortinet, Ivanti, and SAP have released security updates to address multiple critical security vulnerabilities that could result in arbitrary code execution and information disclosure. The security flaw patched by Fortinet relates to a command injection vulnerability in FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS WEB UI. It's tracked as CVE-2026-25089 (CVSS score: 9.1). "An
Full text archived locally
✦ AI Summary· Claude Sonnet
Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities
Ravie LakshmananJun 10, 2026Vulnerability / Patch Management
Fortinet, Ivanti, and SAP have released security updates to address multiple critical security vulnerabilities that could result in arbitrary code execution and information disclosure.
The security flaw patched by Fortinet relates to a command injection vulnerability in FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS WEB UI. It's tracked as CVE-2026-25089 (CVSS score: 9.1).
"An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiSandbox, FortiSandbox Cloud and FortiSandbox PaaS WEB UI may allow an unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP requests," Fortinet said.
The issue impacts the following products and versions -
FortiSandbox 5.0.0 through 5.0.5 (Upgrade to 5.0.6 or above)
FortiSandbox 4.4.0 through 4.4.8 (Upgrade to 4.4.9 or above)
FortiSandbox Cloud 5.0.4 through 5.0.5 (Upgrade to 5.0.6 or above)
FortiSandbox PaaS 5.0.4 through 5.0.5 (Upgrade to 5.0.6 or above)
On Tuesday, Ivanti also published fixes for two critical security flaws impacting Ivanti Sentry (formerly MobileIron Sentry) -
CVE-2026-10520 (CVSS score: 10.0) - An operating system command injection vulnerability before versions R10.5.2, R10.6.2, and R10.7.1 that allows a remote unauthenticated user to achieve root-level remote code execution.
CVE-2026-10523 (CVSS score: 9.9) - An authentication bypass vulnerability before versions R10.5.2, R10.6.2, and R10.7.1 that allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access.
watchTowr Labs, which published additional details of CVE-2026-10520, said an attacker could exploit the vulnerability by issuing a specially crafted HTTP request to the "/mics/api/v2/sentry/mics-config/handleMessage" endpoint, which is then interpreted as a MICS configuration command and executed by a backend component named "handleExecute()."
The patch shipped by Ivanti incorporates additional controls that block access to the vulnerable endpoint, causing unauthenticated requests to be redirected to the login page.
"Ivanti did not just remove attacker control over the vulnerable execution path," security researcher Sonny Macdonald said. "They also added a layer of protection in front of it to make reaching the endpoint significantly more difficult. In other words: they added authentication."
Rounding off the list of updates is SAP, which pushed out fixes for four critical vulnerabilities in NetWeaver AS ABAP and ABAP Platform, as well as SAP Commerce Cloud and SAP Data Hub -
CVE-2026-44748 (CVSS score: 9.9) - XML signature wrapping vulnerability in SAML authentication in SAP NetWeaver AS ABAP and ABAP Platform
CVE-2026-27671 (CVSS score: 9.8) - Memory corruption vulnerability in Application Server ABAP of SAP NetWeaver and ABAP Platform
CVE-2026-22732 (CVSS score: 9.1) - Potential Spring security vulnerability within SAP Commerce Cloud and SAP Data Hub
CVE-2026-40128 (CVSS score: 9.0) - Directory traversal vulnerability in SAP NetWeaver Application Server Java (Web Container)
"The application allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents with tampered identity information to the verifier," SAP security company Onapsis said.
"Due to an improper XML signature verification, the manipulated identity information is accepted, leading to unauthorized access to sensitive user data and potential disruption of normal system usage."
As for CVE-2026-27671, the defect allows an unauthenticated attacker to send a crafted RFC request that exploits how the SAP kernel validates the RFC protocol to achieve memory corruption.
There is no evidence that any of the aforementioned flaws have been exploited in the wild. However, it's always a safe practice to update to the latest version for optimal protection.
Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.
SHARE
Tweet
Share
Share
SHARE
Command Injection, cybersecurity, Fortinet, Ivanti, Patch Management, remote code execution, SAP, Vulnerability
⚡ Top Stories This Week
Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag
Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now
New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration
One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public
ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors + 20 New Stories
New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing
Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public
Microsoft Fixes One-Click GitHub Dev Attack That Let Attackers Steal OAuth Tokens
Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes
AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs
Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack
Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479)
New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy and Cloudflare
⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and More
Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI
Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories
Load More ▼
⭐ Featured Resources
Get the 2026 Guide to Govern and Secure Enterprise AI Agents at Scale
[Guide] Transform Network Operations with Intelligent Workflows
Catch 88% of Malware Threats in Under 60 Seconds with Live Sandbox Analysis
See How Agentic AI Cuts Your SOC Triage Time in Half [Get a Demo]