Ethical Hacking News
Ivanti, Fortinet, and SAP have released critical security updates to address multiple vulnerabilities that could result in arbitrary code execution and information disclosure. These updates are crucial for mitigating the risk associated with these vulnerabilities, as they could potentially be exploited by malicious actors.
Fortinet has patched a command injection vulnerability (CVE-2026-25089) in the web UI of FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS that could result in arbitrary code execution. Ivanti has patched two critical flaws in Ivanti Sentry, CVE-2026-10520 and CVE-2026-10523, which allow remote unauthenticated code execution. SAP has addressed four critical vulnerabilities across SAP NetWeaver AS ABAP and ABAP Platform, SAP Commerce Cloud, and SAP Data Hub, including an XML signature wrapping vulnerability (CVE-2026-44748) and a memory corruption vulnerability (CVE-2026-27671).
Critical vulnerabilities in widely deployed enterprise products continue to surface at a steady pace, which is why a routine, proactive patch-management process matters. This round comes from Ivanti, Fortinet, and SAP, each of which has released updates for multiple critical vulnerabilities that could result in arbitrary code execution and information disclosure.
The Fortinet issue, tracked as CVE-2026-25089, is a command injection vulnerability in the web UI of FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS. It carries a CVSS score of 9.1 (critical). According to Fortinet, it allows an unauthenticated attacker to execute unauthorized commands via specially crafted HTTP requests.
The impacted products and versions include:
- FortiSandbox 5.0.0 through 5.0.5 (Upgrade to 5.0.6 or above)
- FortiSandbox 4.4.0 through 4.4.8 (Upgrade to 4.4.9 or above)
- FortiSandbox Cloud 5.0.4 through 5.0.5 (Upgrade to 5.0.6 or above)
- FortiSandbox PaaS 5.0.4 through 5.0.5 (Upgrade to 5.0.6 or above)
Because the flaw is reachable by an unauthenticated attacker over HTTP, upgrading is the priority; until that is done, review whether the FortiSandbox web UI is exposed to untrusted networks at all.
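As an added example (not Fortinet's code), the following script checks an inventory of FortiSandbox installations against the affected ranges listed above. The inventory rows are constructed for the demo. The one thing it demonstrates beyond the table itself is that versions must be compared numerically: "5.0.10" is above the 5.0.6 fix, but a plain string comparison would rank it below "5.0.6" and misreport it as vulnerable.

```python
"""Added example: check an inventory of FortiSandbox versions against the
affected ranges from the advisory summarised above. Not Fortinet's code;
the inventory below is constructed."""
from typing import List, Optional, Tuple

Version = Tuple[int, ...]

# (lowest affected, highest affected, minimum fixed) per product line, from the ranges above.
AFFECTED = {
    "FortiSandbox": [
        ((5, 0, 0), (5, 0, 5), "5.0.6"),
        ((4, 4, 0), (4, 4, 8), "4.4.9"),
    ],
    "FortiSandbox Cloud": [((5, 0, 4), (5, 0, 5), "5.0.6")],
    "FortiSandbox PaaS": [((5, 0, 4), (5, 0, 5), "5.0.6")],
}


def parse_version(text: str) -> Version:
    """'5.0.10' -> (5, 0, 10). Tuples compare numerically, so 5.0.10 > 5.0.6,
    whereas a plain string comparison would rank '5.0.10' below '5.0.6'."""
    return tuple(int(part) for part in text.strip().split("."))


def fix_for(product: str, version: str) -> Optional[str]:
    """Return the minimum fixed version if (product, version) is affected, else None."""
    ver = parse_version(version)
    for low, high, fixed in AFFECTED.get(product, []):
        if low <= ver <= high:
            return fixed
    return None


def scan(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str, str]]:
    """(host, product, version) rows -> rows still needing an upgrade, with the target version."""
    findings = []
    for host, product, version in inventory:
        fixed = fix_for(product, version)
        if fixed is not None:
            findings.append((host, product, version, fixed))
    return findings


# Constructed inventory for the demo (hostnames and versions are made up).
INVENTORY = [
    ("fsa-dc1", "FortiSandbox", "5.0.5"),
    ("fsa-dc2", "FortiSandbox", "5.0.10"),
    ("fsa-lab", "FortiSandbox", "4.4.3"),
    ("fsa-cloud", "FortiSandbox Cloud", "5.0.3"),
]

if __name__ == "__main__":
    for row in scan(INVENTORY):
        print("%s: %s %s -> upgrade to %s or later" % row)
```

Feed it the output of whatever inventory source you trust (CMDB export, the device's own version string); the point is the numeric comparison, not the table.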
Ivanti, for its part, has published fixes for two critical flaws in Ivanti Sentry (formerly MobileIron Sentry), tracked as CVE-2026-10520 and CVE-2026-10523. The first, CVE-2026-10520, is an operating system command injection vulnerability affecting versions prior to R10.5.2, R10.6.2, and R10.7.1 that allows a remote unauthenticated attacker to achieve root-level remote code execution.
According to watchTowr Labs, the flaw can be triggered by a specially crafted HTTP request to the "/mics/api/v2/sentry/mics-config/handleMessage" endpoint; the request is interpreted as a MICS configuration command and executed by a backend component named "handleExecute."
Ivanti's patch adds controls that block access to the vulnerable endpoint: unauthenticated requests are now redirected to the login page, so an attacker can no longer reach it without credentials. That is an access control placed in front of the endpoint rather than a statement that the command-handling code itself was rewritten, so treat the fixed release numbers, not the redirect alone, as the indicator that a Sentry is patched.
In addition to these updates from Ivanti and Fortinet, SAP has also released fixes for four critical vulnerabilities in NetWeaver AS ABAP and ABAP Platform, as well as SAP Commerce Cloud and SAP Data Hub.
The first, CVE-2026-44748, is an XML signature wrapping vulnerability in the SAML authentication of SAP NetWeaver AS ABAP and ABAP Platform. An authenticated attacker with normal privileges who can obtain a valid signed message can send modified signed XML documents carrying tampered identity information to the verifier; the signature still validates because the originally signed content is left intact, merely relocated, while the verifier reads identity from a different, unsigned part of the document.
This can lead to unauthorized access to sensitive user data and disruption of normal system usage.
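The following is an added example, not SAP's code, showing the general XML Signature Wrapping pattern that the vulnerability class above relies on, alongside the check that defeats it. It is deliberately simplified: no namespaces, no real XMLDSig, and an HMAC under a constructed key stands in for the IdP's signature over a toy canonical form. The naive service provider validates the signature by resolving the Reference ID anywhere in the document, then reads the identity from the first Assertion it finds; those two lookups land on different elements once an attacker wraps the signed Assertion and prepends an unsigned one. The hardened verifier reads identity only from the element the signature actually covered and refuses documents with more than one Assertion.

```python
"""Added example (not SAP's code): XML Signature Wrapping against a naive SAML
verifier, beside a hardened verifier. Simplified XML (no namespaces, no real
XMLDSig); HMAC-SHA256 under a constructed key stands in for the IdP signature."""
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET
from typing import Optional

IDP_KEY = b"demo-idp-signing-key"  # constructed stand-in for the IdP private key


def canon(elem: ET.Element) -> bytes:
    """Serialise an element without its tail text (toy stand-in for XML C14N)."""
    c = copy.deepcopy(elem)
    c.tail = None
    return ET.tostring(c)


def mac(data: bytes) -> str:
    """Toy 'signature': HMAC-SHA256 under the IdP key."""
    return hmac.new(IDP_KEY, data, hashlib.sha256).hexdigest()


def idp_issue_response(name_id: str) -> str:
    """IdP builds a Response whose Assertion is signed via a Reference to its ID."""
    resp = ET.Element("Response")
    assertion = ET.SubElement(resp, "Assertion", ID="_a1")
    ET.SubElement(ET.SubElement(assertion, "Subject"), "NameID").text = name_id
    sig = ET.SubElement(resp, "Signature")
    ET.SubElement(sig, "Reference", URI="#_a1")
    ET.SubElement(sig, "SignatureValue").text = mac(canon(assertion))
    return ET.tostring(resp, encoding="unicode")


def verified_element(resp: ET.Element) -> Optional[ET.Element]:
    """Resolve the Reference by ID anywhere in the document and check the MAC.
    Returns the element the signature actually covers, or None."""
    sig = resp.find("Signature")
    if sig is None:
        return None
    ref = sig.find("Reference")
    val = sig.find("SignatureValue")
    if ref is None or val is None or val.text is None:
        return None
    ref_id = ref.get("URI", "").lstrip("#")
    signed = next((e for e in resp.iter() if e.get("ID") == ref_id), None)
    if signed is None or not hmac.compare_digest(mac(canon(signed)), val.text):
        return None
    return signed


def vulnerable_verify(xml_doc: str) -> Optional[str]:
    """Naive SP: 'signature valid' -> read identity from the first Assertion found.
    The signature check and the identity lookup can resolve to different elements."""
    resp = ET.fromstring(xml_doc)
    if verified_element(resp) is None:
        return None
    name_id = resp.find(".//Assertion/Subject/NameID")
    return name_id.text if name_id is not None else None


def hardened_verify(xml_doc: str) -> Optional[str]:
    """Hardened SP: identity comes only from the element the signature covered,
    which must be the single Assertion in the document and a direct child of Response."""
    resp = ET.fromstring(xml_doc)
    signed = verified_element(resp)
    if signed is None or signed.tag != "Assertion":
        return None
    if len(resp.findall(".//Assertion")) != 1 or resp.find("Assertion") is not signed:
        return None
    name_id = signed.find("Subject/NameID")
    return name_id.text if name_id is not None else None


def wrap_attack(signed_xml: str, target_name_id: str) -> str:
    """Attacker holding a validly signed message: keep the signed Assertion intact
    (so the Reference still resolves and the MAC still matches) but move it under
    a wrapper, and put an unsigned Assertion with a different identity first."""
    resp = ET.fromstring(signed_xml)
    original = resp.find("Assertion")
    resp.remove(original)
    forged = ET.Element("Assertion", ID="_forged")
    ET.SubElement(ET.SubElement(forged, "Subject"), "NameID").text = target_name_id
    resp.insert(0, forged)
    ET.SubElement(resp, "Extensions").append(original)
    return ET.tostring(resp, encoding="unicode")


if __name__ == "__main__":
    legit = idp_issue_response("alice")
    wrapped = wrap_attack(legit, "admin")
    print("naive SP, legit:   ", vulnerable_verify(legit))
    print("naive SP, wrapped: ", vulnerable_verify(wrapped))
    print("hardened, wrapped: ", hardened_verify(wrapped))
```

Real SAML libraries face the same structural question with namespaces and C14N added on top: the element whose digest was verified must be the element whose attributes are trusted, and an ID lookup that searches the whole document is the usual way the two drift apart.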
The second, CVE-2026-27671, is a memory corruption vulnerability in Application Server ABAP of SAP NetWeaver and ABAP Platform. An unauthenticated attacker can send a crafted RFC request that exploits a flaw in how the SAP kernel validates the RFC protocol to corrupt memory. Since RFC is a network-facing protocol, check which RFC listeners are reachable from untrusted networks alongside patch status.
There is no evidence that any of these flaws has been exploited in the wild. Several of them are reachable without authentication, however, so updating to the fixed versions promptly remains the safe course.
In short, Fortinet, Ivanti, and SAP have all shipped fixes for critical, in several cases pre-authentication, vulnerabilities. Organizations running these products should confirm their versions against the vendor advisories, upgrade, and keep a routine patch-management process in place for the next round.
Related Information:
https://www.ethicalhackingnews.com/articles/Ivanti-Fortinet-and-SAP-Release-Patches-for-Multiple-Critical-Vulnerabilities-ehn.shtml
https://thehackernews.com/2026/06/ivanti-fortinet-and-sap-release-patches.html
https://nvd.nist.gov/vuln/detail/CVE-2026-25089
https://www.cvedetails.com/cve/CVE-2026-25089/
https://nvd.nist.gov/vuln/detail/CVE-2026-10520
https://www.cvedetails.com/cve/CVE-2026-10520/
https://nvd.nist.gov/vuln/detail/CVE-2026-10523
https://www.cvedetails.com/cve/CVE-2026-10523/
https://nvd.nist.gov/vuln/detail/CVE-2026-44748
https://www.cvedetails.com/cve/CVE-2026-44748/
https://nvd.nist.gov/vuln/detail/CVE-2026-27671
https://www.cvedetails.com/cve/CVE-2026-27671/
Published: Wed Jun 10 13:06:57 2026 by llama3.2 3B Q4_K_M