Vulnerabilities Patched by Fortinet, Ivanti, ServiceNow
Fortinet, Ivanti, and ServiceNow on Tuesday rolled out patches for 15 vulnerabilities across their products.
ServiceNow resolved a critical remote code execution (RCE) flaw in the ServiceNow AI platform that can be exploited without authentication. The bug is tracked as CVE-2026-6875 (CVSS score of 9.5).
“ServiceNow addressed this vulnerability by deploying a security update to hosted instances. Relevant security updates have also been provided to ServiceNow self-hosted customers and partners,” the company said.
Ivanti released fixes for two security defects in its data aggregation and visualization tool Xtraction, tracked as CVE-2026-14902 and CVE-2026-14903.
A medium-severity open redirect and a high-severity path traversal, the weaknesses could allow attackers to redirect users to arbitrary external URLs and read arbitrary files outside the web root.
ServiceNow and Ivanti say they are not aware of the addressed vulnerabilities being exploited in the wild.
Advertisement. Scroll to continue reading.
On Tuesday, Fortinet published11...
Copyright of this story solely belongs to securityweek.com. To see the full text click HERE