Critical Vulnerabilities Patched in Fortinet, Ivanti Products
Multiple critical OS command injection vulnerabilities have been patched in Fortinet and Ivanti products. These flaws allow remote, unauthenticated attackers to execute arbitrary code, including with root privileges, on vulnerable systems. Fortinet addressed a critical OS command injection issue in FortiSandbox and related products, while Ivanti patched critical command injection and authentication bypass vulnerabilities in Sentry and Endpoint Manager Mobile. No evidence of exploitation in the wild has been reported. Patches are available for all identified vulnerabilities.
AI Analysis
Technical Summary
Fortinet and Ivanti released security updates addressing multiple critical vulnerabilities, primarily OS command injection flaws exploitable remotely without authentication. Fortinet's most severe issue, CVE-2026-25089 (CVSS 9.8), affects FortiSandbox and related cloud and PaaS products, allowing arbitrary command execution via crafted HTTP requests. Ivanti patched CVE-2026-10520 (CVSS 10) in Sentry, enabling remote root-level code execution, and CVE-2026-10523 (CVSS 9.9), an authentication bypass allowing creation of admin accounts. Additional medium and high severity vulnerabilities were also fixed. No active exploitation has been observed. Fortinet patched affected versions FortiSandbox 5.0.6 and 4.4.9, FortiSandbox Cloud 5.0.6, and FortiSandbox PaaS 5.0.6. Ivanti released Sentry versions 10.5.2, 10.6.2, 10.7.1 and Endpoint Manager Mobile versions 12.9.0.1, 12.8.0.3, and 12.7.0.2 with fixes.
Potential Impact
Successful exploitation of these vulnerabilities allows remote, unauthenticated attackers to execute arbitrary OS commands with root privileges on affected Fortinet and Ivanti products. This can lead to full system compromise, unauthorized administrative access, and potential control over network appliances. The authentication bypass in Ivanti Sentry further enables attackers to create privileged user accounts, escalating access without prior credentials. No exploitation in the wild has been reported to date.
Mitigation Recommendations
Official patches have been released by Fortinet and Ivanti for all identified vulnerabilities. Organizations should promptly apply Fortinet patches for FortiSandbox versions 5.0.6 and 4.4.9, FortiSandbox Cloud 5.0.6, and FortiSandbox PaaS 5.0.6. Ivanti users should upgrade to Sentry versions 10.5.2, 10.6.2, or 10.7.1 and Endpoint Manager Mobile versions 12.9.0.1, 12.8.0.3, or 12.7.0.2. No additional mitigations are indicated by the vendors. Monitoring for unusual activity remains prudent but is not a substitute for patching.
Critical Vulnerabilities Patched in Fortinet, Ivanti Products
Description
Multiple critical OS command injection vulnerabilities have been patched in Fortinet and Ivanti products. These flaws allow remote, unauthenticated attackers to execute arbitrary code, including with root privileges, on vulnerable systems. Fortinet addressed a critical OS command injection issue in FortiSandbox and related products, while Ivanti patched critical command injection and authentication bypass vulnerabilities in Sentry and Endpoint Manager Mobile. No evidence of exploitation in the wild has been reported. Patches are available for all identified vulnerabilities.
Affected software
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Fortinet and Ivanti released security updates addressing multiple critical vulnerabilities, primarily OS command injection flaws exploitable remotely without authentication. Fortinet's most severe issue, CVE-2026-25089 (CVSS 9.8), affects FortiSandbox and related cloud and PaaS products, allowing arbitrary command execution via crafted HTTP requests. Ivanti patched CVE-2026-10520 (CVSS 10) in Sentry, enabling remote root-level code execution, and CVE-2026-10523 (CVSS 9.9), an authentication bypass allowing creation of admin accounts. Additional medium and high severity vulnerabilities were also fixed. No active exploitation has been observed. Fortinet patched affected versions FortiSandbox 5.0.6 and 4.4.9, FortiSandbox Cloud 5.0.6, and FortiSandbox PaaS 5.0.6. Ivanti released Sentry versions 10.5.2, 10.6.2, 10.7.1 and Endpoint Manager Mobile versions 12.9.0.1, 12.8.0.3, and 12.7.0.2 with fixes.
Potential Impact
Successful exploitation of these vulnerabilities allows remote, unauthenticated attackers to execute arbitrary OS commands with root privileges on affected Fortinet and Ivanti products. This can lead to full system compromise, unauthorized administrative access, and potential control over network appliances. The authentication bypass in Ivanti Sentry further enables attackers to create privileged user accounts, escalating access without prior credentials. No exploitation in the wild has been reported to date.
Mitigation Recommendations
Official patches have been released by Fortinet and Ivanti for all identified vulnerabilities. Organizations should promptly apply Fortinet patches for FortiSandbox versions 5.0.6 and 4.4.9, FortiSandbox Cloud 5.0.6, and FortiSandbox PaaS 5.0.6. Ivanti users should upgrade to Sentry versions 10.5.2, 10.6.2, or 10.7.1 and Endpoint Manager Mobile versions 12.9.0.1, 12.8.0.3, or 12.7.0.2. No additional mitigations are indicated by the vendors. Monitoring for unusual activity remains prudent but is not a substitute for patching.
Technical Details
- Article Source
- {"url":"https://www.securityweek.com/critical-vulnerabilities-patched-in-fortinet-ivanti-products/","fetched":true,"fetchedAt":"2026-06-10T08:55:47.765Z","wordCount":984}
Threat ID: 6a2926938dd33fbd85149e59
Added to database: 6/10/2026, 8:55:47 AM
Last enriched: 6/10/2026, 8:55:58 AM
Last updated: 6/10/2026, 2:00:53 PM
Views: 16
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.