Fortinet, Ivanti, and SAP have issued urgent security updates for multiple critical flaws that could enable remote code execution, authentication bypass, and information disclosure. The affected products include FortiSandbox, Ivanti Sentry, and several SAP platforms, with no evidence yet of in-the-wild exploitation. #FortiSandbox #IvantiSentry #SAPNetWeaver #SAPCommerceCloud #SAPDataHub
Keypoints
- Fortinet fixed CVE-2026-25089 in FortiSandbox and related products.
- The Fortinet flaw could let an unauthenticated attacker execute commands through crafted HTTP requests.
- Ivanti patched CVE-2026-10520 and CVE-2026-10523 in Ivanti Sentry.
- Ivanti Sentry could allow root-level code execution or full admin access.
- SAP released fixes for four critical flaws in NetWeaver, ABAP Platform, Commerce Cloud, and Data Hub.
Read More: https://thehackernews.com/2026/06/ivanti-fortinet-and-sap-release-patches.html