www.securityweek.com 7/15/2026, 11:52:19 AM · external

Fortinet, Ivanti and ServiceNow patch unauth RCE and other flaws

Fortinet, Ivanti and ServiceNow patch unauth RCE and other flaws
CyberSIXT Evidence Panel

ON Tuesday, Fortinet, Ivanti, and ServiceNow released patches addressing 15 vulnerabilities across their products. Notably, ServiceNow fixed a critical remote code execution flaw (CVE-2026-6875) with a CVSS score of 9.5, which could be exploited without authentication.

Ivanti addressed two vulnerabilities in its Xtraction tool (CVE-2026-14902, CVE-2026-14903), while Fortinet published advisories for 12 vulnerabilities in various platforms, including high-severity remote vulnerabilities in FortiAuthenticator and FortiSandbox. No evidence has been reported of these vulnerabilities being exploited in attacks.

View Primary Source Via www.securityweek.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline