Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities
Fortinet released a security update on March 18, 2026, to address a critical command injection vulnerability in the FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS web UI, tracked as CVE-2026-25089 with a CVSS score of 9.1. This flaw could allow an attacker to execute arbitrary code.

Ivanti also issued patches for multiple critical vulnerabilities affecting its Neurons for ITSM product, including a SQL injection vulnerability (CVE-2026-25088, CVSS 9.8) and an arbitrary file write vulnerability (CVE-2026-25087, CVSS 8.8), which could lead to remote code execution and information disclosure.

SAP addressed several high-severity vulnerabilities in its products, including a cross-site scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (CVE-2026-25090, CVSS 7.5) and an authentication bypass vulnerability in SAP NetWeaver AS Java (CVE-2026-25091, CVSS 9.1), potentially allowing attackers to compromise systems and steal sensitive data.

These updates are crucial for organizations to protect their networks from exploitation.
Original source: The Hacker News