Critical patches from Fortinet, Ivanti and SAP released
🛡️ Fortinet, Ivanti, and SAP issued security updates addressing multiple critical vulnerabilities that could enable arbitrary code execution and data disclosure. Fortinet fixed a command injection in FortiSandbox (CVE-2026-25089, CVSS 9.1). Ivanti patched two critical Ivanti Sentry flaws (CVE-2026-10520, CVSS 10.0; CVE-2026-10523, CVSS 9.9) that allow remote code execution and admin account creation. SAP released fixes for four critical issues across NetWeaver, ABAP Platform, Commerce Cloud, and Data Hub.
