Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Watchlists Beta Browse News Feed Stats About Contact

Fortinet and Ivanti multi-product security patch release

Security Patch Release
First reported
Last updated
Happening score
H score 46
1 unique sources, 1 articles

Summary

Hide ▲

Fortinet and Ivanti released patches on Tuesday for multiple product flaws, including critical OS command injection and authentication-bypass bugs that could enable remote compromise. The update spans FortiSandbox, FortiOS, FortiProxy, FortiPortal, Sentry, and Endpoint Manager Mobile (EPMM).

Related Happenings

FortiClient EMS CVE-2026-35616 exploitation wave

Exploitation Wave
H score56 First: 28.05.2026 18:26 Last: 28.05.2026 18:26 Sources 1

About this happening: **CVE-2026-35616** exploitation in **FortiClient Enterprise Management Server (EMS)** is being used to deliver the undocumented credential stealer **EKZ**. Attackers are abusing u...

Open Happening

Ivanti security patch release for CVE-2026-8043

Security Patch Release
H score25 First: 18.05.2026 13:54 Last: 18.05.2026 13:54 Sources 1

About this happening: **Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...

Open Happening

Fortinet security patch release for CVE-2026-44277

Security Patch Release
H score50 First: 12.05.2026 21:23 Last: 12.05.2026 21:23 Sources 1

About this happening: Fortinet released **security updates** for **FortiSandbox** and **FortiAuthenticator** to fix **two critical vulnerabilities** that could let an **unauthenticated attacker** execu...

Open Happening

Ivanti EPMM patch release for CVE-2026-5786, CVE-2026-5787, CVE-2026-5788, and CVE-2026-7821

Security Patch Release
H score50 First: 07.05.2026 18:20 Last: 07.05.2026 18:20 Sources 1

About this happening: Ivanti released a security update for on-prem Endpoint Manager Mobile (EPMM) covering CVE-2026-5786, CVE-2026-5787, CVE-2026-5788, and CVE-2026-7821. The patch addresses high-seve...

Latest development: 07.05.2026 20:55

Ivanti released fixes for CVE-2026-5786, CVE-2026-5787, CVE-2026-5788, and CVE-2026-7821 in Endpoint Manager Mobile (EPMM). The updates apply only to on-prem EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1, and Ivanti said the issues are not present in Ivanti Neurons for MDM, Ivanti EPM, Ivanti Sentry, or other Ivanti products.

Open Happening

Fortinet FortiClient EMS emergency patch release (CVE-2026-35616, CVE-2026-21643)

Security Patch Release
H score59 First: 07.04.2026 12:26 Last: 07.04.2026 12:26 Sources 1

About this happening: **Fortinet FortiClient EMS** is a **security-patch release** happening centered on **CVE-2026-35616** and **CVE-2026-21643**. Fortinet issued an **out-of-band emergency hotfix** a...

Latest development: 28.05.2026 18:26

Arctic Wolf observed threat actors abusing FortiClient Endpoint Management Server (EMS) and CVE-2026-35616 in May 2026 to modify EMS-managed configuration, disguise FortiEndpoint_Patch.exe as a Fortinet endpoint update, and use fortitray.exe, cmd.exe, and a Base64-encoded PowerShell chain to download malware and exfiltrate browser data to 83.138.53[.]110.

Open Happening

Timeline

  1. 10.06.2026 11:50 2 articles · 1h ago

    Fortinet and Ivanti roll out fixes for critical product vulnerabilities

    Mitigation Patch Update

    Fortinet and Ivanti rolled out fixes for multiple vulnerabilities across FortiSandbox, FortiSandbox Cloud, FortiSandbox PaaS WEB UI, FortiOS, FortiProxy, FortiPortal API, Sentry, and Endpoint Manager Mobile (EPMM). The patched issues include CVE-2026-25089, CVE-2026-10520, CVE-2026-10523, CVE-2026-6973, and CVE-2026-10727, covering critical OS command injection, authentication bypass, remote code execution, and arbitrary-command flaws.

    Show sources
    Open in new tab