Fortinet, Ivanti, and ServiceNow on Tuesday rolled out patches for 15 vulnerabilities across their products.
ServiceNow resolved a critical remote code execution (RCE) flaw in the ServiceNow AI platform that can be exploited without authentication. The bug is tracked as CVE-2026-6875 (CVSS score of 9.5).
“ServiceNow addressed this vulnerability by deploying a security update to hosted instances. Relevant security updates have also been provided to ServiceNow self-hosted customers and partners,” the company said.
Ivanti released fixes for two security defects in its data aggregation and visualization tool Xtraction, tracked as CVE-2026-14902 and CVE-2026-14903.
A medium-severity open redirect and a high-severity path traversal, the weaknesses could allow attackers to redirect users to arbitrary external URLs and read arbitrary files outside the web root.
ServiceNow and Ivanti say they are not aware of the addressed vulnerabilities being exploited in the wild.
On Tuesday, Fortinet published 11 security advisories detailing 12 vulnerabilities in FortiOS, FortiProxy, FortiSASE, FortiSIEM, FortiClient EMS, FortiAuthenticator, FortiPAM, FortiSwitch Manager, FortiSwitch-Manager Agentless SSL-VPN, and FortiSandbox.
The most severe of these flaws are high-severity bugs in FortiAuthenticator and FortiSandbox that could be exploited by remote unauthenticated attackers to retrieve sensitive information and access the VNC server of VMs performing scanning.
Fortinet also fixed medium- and low-severity issues leading to memory leaks, command execution, arbitrary header injection, interception and modification of authentication requests, impersonation of an AD Connector via a valid API Key, deletion of the file system, and code execution.
The company makes no mention of any of these security defects being exploited in attacks.
Related: Progress Confirms Zero-Day Vulnerability Behind ShareFile Disruption
Related: ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Rockwell
Related: Critical Vulnerabilities Patched With Fresh Chrome 150, Firefox 152 Updates
Related: SonicWall Issues Urgent SMA Patch Warning for Two Zero-Day Exploits
