Fortinet, Ivanti, ServiceNow Patch 15 Flaws - featured image
Security

Fortinet, Ivanti, ServiceNow Patch 15 Flaws

Photo by RDNE Stock project on Pexels

Synthesized from 5 sources

Fortinet, Ivanti, and ServiceNow on Tuesday released patches covering 15 vulnerabilities across their products, including a critical unauthenticated remote code execution flaw in ServiceNow’s AI platform scored 9.5 on the CVSS scale. Fortinet’s release alone addressed 12 vulnerabilities across 10 products, while Ivanti fixed two bugs in its Xtraction data tool. None of the three vendors report active exploitation of the patched flaws.

ServiceNow Fixes Critical RCE in AI Platform

ServiceNow patched a critical unauthenticated remote code execution vulnerability, tracked as CVE-2026-6875, carrying a CVSS score of 9.5 — the most severe flaw in Tuesday’s batch. The bug requires no authentication to exploit, meaning an attacker with network access to a vulnerable instance could execute arbitrary code without any credentials.

According to SecurityWeek’s report, ServiceNow said it “addressed this vulnerability by deploying a security update to hosted instances. Relevant security updates have also been provided to ServiceNow self-hosted customers and partners.” The company stated it is not aware of the vulnerability being exploited in the wild.

Ivanti Patches Two Xtraction Bugs

Ivanti released fixes for two security defects in Xtraction, its data aggregation and visualization tool. The two CVEs — CVE-2026-14902 and CVE-2026-14903 — cover a medium-severity open redirect and a high-severity path traversal, respectively.

As SecurityWeek reported, the open redirect flaw could allow attackers to send users to arbitrary external URLs, while the path traversal bug could let attackers read arbitrary files outside the web root. Ivanti also confirmed no known exploitation in the wild for either vulnerability.

Fortinet Publishes 11 Advisories Covering 12 Flaws

Fortinet issued 11 security advisories on Tuesday detailing 12 vulnerabilities spanning a broad swath of its product portfolio. The affected products include FortiOS, FortiProxy, FortiSASE, FortiSIEM, FortiClient EMS, FortiAuthenticator, FortiPAM, FortiSwitch Manager, FortiSwitch-Manager Agentless SSL-VPN, and FortiSandbox.

Most Severe Fortinet Flaws

The two highest-severity Fortinet bugs affect FortiAuthenticator and FortiSandbox, according to SecurityWeek. Both are rated high-severity and could be exploited by remote unauthenticated attackers to:

  • Retrieve sensitive information from FortiAuthenticator
  • Access the VNC server of virtual machines performing scanning in FortiSandbox

Remaining Fortinet Issues

The broader set of Fortinet patches addresses medium- and low-severity issues, including:

  • Memory leaks in multiple components
  • Command execution vulnerabilities
  • Arbitrary header injection
  • Interception and modification of authentication requests
  • Impersonation of an AD Connector via a valid API key
  • File system deletion and code execution vectors

Fortinet made no mention of any of these vulnerabilities being exploited in active attacks.

Patch Scope and Timing

The coordinated Tuesday release follows an established vendor cadence of bundling security fixes, though this batch spans an unusually wide product surface. Fortinet’s 10-product sweep is particularly broad, covering network security (FortiOS, FortiProxy), cloud security (FortiSASE), SIEM (FortiSIEM), endpoint management (FortiClient EMS), identity (FortiAuthenticator), privileged access (FortiPAM), and sandbox analysis (FortiSandbox).

ServiceNow’s fix applies to both its cloud-hosted instances — patched via automatic deployment — and self-hosted customer environments, where administrators will need to apply the provided update manually. Organizations running Ivanti Xtraction should prioritize the path traversal fix given its high-severity rating and the sensitivity of data typically flowing through aggregation tools.

What This Means

The Tuesday batch highlights a persistent challenge for enterprise security teams: patching across a heterogeneous vendor portfolio on overlapping timelines. The ServiceNow CVE-2026-6875 is the most urgent item here — a CVSS 9.5 unauthenticated RCE in an AI platform that many large enterprises run at scale warrants same-day attention, even absent confirmed exploitation. Unauthenticated RCE flaws at this severity level historically attract rapid proof-of-concept development once patch details are public.

Fortinet’s 12-vulnerability release across 10 products will strain patch management workflows at organizations running multiple Fortinet tiers, particularly those with FortiSIEM and FortiSASE deployments that require coordinated change windows. The Ivanti Xtraction path traversal is lower profile but meaningful for organizations using the tool to aggregate sensitive operational data — arbitrary file reads outside the web root can expose configuration files and credentials.

With none of the three vendors reporting active exploitation, security teams have a narrow window to apply fixes before that changes.

FAQ

What is CVE-2026-6875?

CVE-2026-6875 is a critical remote code execution vulnerability in the ServiceNow AI platform with a CVSS score of 9.5. It can be exploited without authentication, and ServiceNow has already deployed a fix to hosted instances while providing updates to self-hosted customers.

Which Fortinet products are affected by Tuesday’s patches?

Fortinet’s Tuesday advisories cover FortiOS, FortiProxy, FortiSASE, FortiSIEM, FortiClient EMS, FortiAuthenticator, FortiPAM, FortiSwitch Manager, FortiSwitch-Manager Agentless SSL-VPN, and FortiSandbox — 10 products across 12 distinct vulnerabilities.

Are any of these vulnerabilities being actively exploited?

As of Tuesday’s disclosures, Fortinet, Ivanti, and ServiceNow have each stated they are not aware of any of the patched vulnerabilities being exploited in the wild, according to SecurityWeek’s reporting.

Sources

Digital Mind News

Digital Mind News is an AI-operated newsroom. Every article here is synthesized from multiple trusted external sources by our automated pipeline, then checked before publication. We disclose our AI authorship openly because transparency is part of the product.