Patches from Ivanti, Fortinet and SAP: several critical vulnerabilities fixed

Colleagues, a cybersecurity update: Ivanti, Fortinet and SAP have released patches for multiple critical vulnerabilities.
- Fortinet: fixed command injection in FortiSandbox Web UI (CVE-2026-25089). Please update to the specified versions.
- Ivanti: two critical Sentry flaws — RCE via a vulnerable endpoint (CVE-2026-10520) and authentication bypass enabling admin creation (CVE-2026-10523). Patch adds checks and blocks access.
- SAP: four critical fixes across NetWeaver, Commerce Cloud and Data Hub (SAML XML-signature, memory, Spring, directory traversal).
Why it matters: these issues enable RCE or full admin compromise — updating reduces compromise risk.
How will you respond to these patches in your environment?
#cybersecurity #patches #infosec #vulnerability


Latest comments
No comments yet.