
FORTINET, Ivanti and ServiceNow released patches on Tuesday addressing fifteen vulnerabilities across their products, including a critical unauthenticated remote code execution flaw in ServiceNow that could be exploited without credentials according to SecurityWeek.
The most severe issue tracked as CVE-2026-6875 carries a CVSS score of 9.5 and resides in the ServiceNow AI Platform, allowing unauthenticated remote code execution under certain workflow configurations; ServiceNow notes that releases Brazil, Australia, Zurich and Yokohama are affected according to its advisory.
Ivanti patched two flaws in its Xtraction tool identified as CVE-2026-14902 with a CVSS rating of 4.0 and CVE-2026-14903 rated at 7.7, both requiring local access to exploit; Fortinet published advisories for twelve additional vulnerabilities covering high‑severity remote issues in FortiAuthenticator and FortiSandbox among other products as detailed by SecurityWeek.
At the time of release there were no public reports of active exploitation for any of these flaws and no threat actors have been linked to them; nevertheless the critical ServiceNow flaw could allow an attacker to escape sandbox protections and execute arbitrary code on the underlying server.
The absence of detected attacks does not diminish the risk, as unauthenticated remote code execution on a widely used automation platform could lead to credential theft, lateral movement and further compromise of connected services.
Administrators should immediately apply the ServiceNow patch for all affected releases, verify the current version through the instance administration console and test the update in a non‑production environment before rolling it out broadly.
For Ivanti Xtraction, administrators are advised to consult the security advisory and install the latest tool update; Fortinet customers should review the published advisories, apply the recommended fixes for FortiAuthenticator and FortiSandbox and consider restricting administrative interfaces to trusted networks until patches are applied.