Ivanti, Fortinet, and SAP Release Critical Security Patches for Vulnerabilities

Ivanti, Fortinet, and SAP released security updates to address multiple critical vulnerabilities enabling arbitrary code execution and information disclosure. Fortinet patched a command injection flaw in FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS WEB UI, tracked as CVE-2026-25089 with a CVSS score of 9.1. The article does not specify additional CVEs or technical details for Ivanti or SAP vulnerabilities. No exact dates for the patch releases were provided beyond the publication context of June 2026. The impacts include potential unauthorized code execution and data exposure across affected products.