Advertisement
Security

Patching Enterprise Software Ecosystems

ServiceNow, Ivanti, and Fortinet address a wave of critical vulnerabilities, highlighting the ongoing strain on infrastructure security.

··2 hours ago·2 min read
a close up of a network with wires connected to it
Photo by Albert Stoynov on Unsplash
Advertisement

Enterprise infrastructure remains in a state of constant maintenance as major technology vendors work to address security gaps. This Tuesday, a significant coordinated effort resulted in the deployment of patches across the portfolios of ServiceNow, Ivanti, and Fortinet to mitigate a total of 15 distinct vulnerabilities.

Critical Flaws in AI Platforms

The most pressing concern involves the ServiceNow AI platform, which suffered from a critical remote code execution (RCE) vulnerability. Tracked as CVE-2026-6875, the flaw carries a CVSS score of 9.5 and notably allows for exploitation without requiring any authentication from the attacker. The company confirmed it has already moved to secure its environment.

ServiceNow addressed this vulnerability by deploying a security update to hosted instances. Relevant security updates have also been provided to ServiceNow self-hosted customers and partners.

— ServiceNow, in a statement regarding the vulnerability.

Addressing Ivanti and Fortinet Risks

Ivanti addressed two security defects within its Xtraction data aggregation and visualization tool. These vulnerabilities, identified as CVE-2026-14902 and CVE-2026-14903, include a medium-severity open redirect and a high-severity path traversal issue, respectively. The latter could potentially permit unauthorized parties to read arbitrary files from outside the intended web root.

Simultaneously, Fortinet released 11 advisories covering 12 vulnerabilities across an extensive list of hardware and software, including FortiOS, FortiProxy, and FortiSandbox. The most severe of these are high-severity bugs that allow unauthenticated remote attackers to retrieve sensitive information or interact with the VNC server of virtual machines during scanning operations.

  • 15 total vulnerabilities were resolved across the three vendors.
  • CVE-2026-6875 in ServiceNow holds a critical 9.5 CVSS severity score.
  • Fortinet published 11 distinct security advisories covering 12 separate bugs.
  • There are currently no reports of these vulnerabilities being exploited in the wild.

The Reality of Enterprise Maintenance

While the volume of vulnerabilities identified across these platforms is high, the immediate focus for security teams should be on the deployment of provided updates. Both ServiceNow and Ivanti have explicitly stated they are not currently aware of any evidence indicating that the vulnerabilities have been leveraged in active attacks. Similarly, Fortinet has made no mention of active exploitation regarding its newly patched flaws.

For organizations relying on these tools, the primary risk is not just the presence of the vulnerabilities, but the operational burden of applying patches across diverse environments—ranging from cloud-hosted instances to complex, self-managed software stacks. As vendors continue to discover and resolve these issues, the persistence of these security cycles underscores the necessity of continuous monitoring and rapid patch management to prevent potential future exploitation of these known, but now mitigated, entry points.

#cybersecurity#vulnerability#patch#infosec#enterprise

Xploitwire Editorial Team

Xploitwire Newsroom

This article was researched and drafted with AI assistance and reviewed by our editorial team before publication. About Xploitwire →

← Back to all stories
Advertisement