ON Tuesday, Fortinet, Ivanti, and ServiceNow released patches addressing 15 vulnerabilities across their products. Notably, ServiceNow fixed a critical remote code execution flaw (CVE-2026-6875) with a CVSS score of 9.5, which could be exploited without authentication.
Ivanti addressed two vulnerabilities in its Xtraction tool (CVE-2026-14902, CVE-2026-14903), while Fortinet published advisories for 12 vulnerabilities in various platforms, including high-severity remote vulnerabilities in FortiAuthenticator and FortiSandbox. No evidence has been reported of these vulnerabilities being exploited in attacks.