Fortinet and Ivanti released patches for critical vulnerabilities in their products, including an OS command injection flaw (CVE-2026-25089) with a CVSS score of 9.8 in Fortinet’s FortiSandbox. This vulnerability could allow unauthenticated attackers to execute arbitrary commands. Fortinet also addressed two medium-severity flaws in FortiOS and FortiProxy. Meanwhile, Ivanti patched two critical vulnerabilities in Sentry, including CVE-2026-10520 with a CVSS score of 10, allowing unauthorized remote code execution.
Ivanti’s Endpoint Manager Mobile received high-severity patches for potential remote code execution vulnerabilities. Both companies reported no evidence of these flaws being exploited in the wild.