Fortinet, Ivanti, and SAP released patches this week for critical vulnerabilities exposing organizations to arbitrary code execution and data theft.
Fortinet addressed CVE-2026-25089, a command injection flaw affecting FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS. The vulnerability carries a CVSS score of 9.1: unauthenticated attackers can inject malicious commands through the web UI and execute code with elevated privileges. Organizations running these sandbox solutions face immediate risk, as threat actors exploit this vector to bypass detection systems and move laterally into networks.
Ivanti patched vulnerabilities in its Connect and Pulse Secure platforms. These products function as remote access gateways used by enterprises to enable secure VPN connectivity. The flaws enable attackers to establish unauthorized access without valid credentials, potentially giving adversaries persistence on corporate networks. The scope extends to both on-premises and cloud-hosted Ivanti solutions.
SAP released patches for multiple vulnerabilities in its NetWeaver and other core enterprise applications. These systems handle critical business processes, financials, and supply chain operations across thousands of global organizations. Exploitation allows remote code execution without authentication in several instances, creating direct pathways to sensitive enterprise data.
The timing amplifies risk. Products from these three vendors are deeply embedded in enterprise infrastructure. Fortinet products protect against malware. Ivanti solutions control network access. SAP systems process financial and operational data. A sophisticated attacker chaining these exploits gains the ability to bypass security controls, move through a network undetected, and access valuable business information.
Organizations running any of these products should prioritize patching immediately. Security teams should verify current versions against vendor advisories and apply updates to internet-facing systems first. Network monitoring should focus on unusual command patterns in Fortinet logs and suspicious authentication
