Fortinet, Ivanti Patch Critical Vulnerabilities
Successful exploitation of these flaws could lead to arbitrary code execution and information disclosure. The post Fortinet, Ivanti Patch Critical Vulnerabilities appeared first on SecurityWeek.
Fortinet and Ivanti on Tuesday announced patches for 18 vulnerabilities across their product portfolios, including three critical-severity bugs.
Fortinet published 11 advisories describing as many bugs, including two dealing with critical-severity code execution security defects.
Tracked as CVE-2026-44277 (CVSS score of 9.1), the first of them is an improper access control issue in FortiAuthenticator that could be exploited remotely, without authentication, via crafted requests.
Source: https://www.securityweek.com/fortinet-ivanti-patch-critical-vulnerabilities/
Related breach coverage
- Exploitation of Critical NGINX Vulnerability Begins2026-05-18
The flaw leads to denial-of-service on default configurations and to remote code execution if ASLR is disabled. The post Exploitation of Critical NGINX Vulnerability Begins appeared first on SecurityWeek.
- Microsoft, Palo Alto Networks Find Many Vulnerabilities by Using AI on Their Own Code2026-05-13
Microsoft’s MDASH discovered 16 of the Patch Tuesday vulnerabilities, and Palo Alto used Mythos to find dozens of flaws. The post Microsoft, Palo Alto Networks Find Many Vulnerabilities by Using AI on Their Own Code appeared first on SecurityWeek.
- PoC Code Published for Critical NGINX Vulnerability2026-05-16
Introduced in 2008, the critical-severity security defect was patched this week in NGINX Plus and NGINX open source. The post PoC Code Published for Critical NGINX Vulnerability appeared first on SecurityWeek.
- Chrome 148 Update Patches Critical Vulnerabilities2026-05-15
The refresh resolves critical-severity use-after-free and other types of bugs in various browser components. The post Chrome 148 Update Patches Critical Vulnerabilities appeared first on SecurityWeek.