← All stories
● Covered by 1 source · 1 reportMedium impact

Fortinet, Ivanti, and ServiceNow Release Patches for Multiple Vulnerabilities

Aggregated by BrevFeed security · updated 6h ago
🔖 Save

Fortinet, Ivanti, and ServiceNow patched 15 vulnerabilities across their products, including a critical flaw in ServiceNow's AI platform. These updates are crucial for securing systems against potential exploitation, though no active attacks have been reported.

Key points

Overview of Vulnerabilities Patched

On Tuesday, Fortinet, Ivanti, and ServiceNow rolled out patches addressing 15 vulnerabilities across their platforms. These updates are aimed at enhancing the security of their respective systems and protecting users from potential exploitation.

ServiceNow's Critical Vulnerability Fix

ServiceNow resolved a critical remote code execution (RCE) vulnerability in its AI platform, tracked as CVE-2026-6875, which has a CVSS score of 9.5. The company indicated that this flaw could be exploited without authentication, making it particularly concerning.

Ivanti's Security Updates

Ivanti released patches for two vulnerabilities in its Xtraction data tool, CVE-2026-14902 and CVE-2026-14903. The first is a medium-severity open redirect vulnerability, while the second is a high-severity path traversal flaw that could allow unauthorized access to external URLs and sensitive files.

Fortinet's Advisory and Vulnerability Details

Fortinet issued 11 security advisories detailing 12 vulnerabilities across various products including FortiOS and FortiSandbox. Notably, high-severity issues were identified that could allow unauthenticated attackers to access sensitive information and VNC servers.

Status of Exploitations

Both ServiceNow and Ivanti have stated that there are currently no known exploitations of the patched vulnerabilities in the wild. Fortinet also mentioned no known attacks related to the disclosed security defects.

✨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors — check the original sources. How BrevFeed works →

Primary sources

CVE CVE-2026-68759.5 CRITICAL CVE CVE-2026-149024.0 MEDIUM CVE CVE-2026-149037.7 HIGH

Reporting from

Fortinet, Ivanti, and ServiceNow patched 15 vulnerabilities across their products, including a critical flaw in ServiceNow's AI platform. These updates are crucial for securing systems against potential exploitation, though no active attacks have been reported.