Three enterprise vendors. Eight critical CVEs. One of them scoring a perfect 10.0. The June 2026 patch cycle from Ivanti, Fortinet, and SAP isn’t just another Tuesday — it’s a reminder that the most boring class of bug in the textbook, OS command injection, is still walking through the front door of security appliances designed to keep attackers out.
The headline number belongs to Ivanti. According to the company’s June 9 advisory, CVE-2026-10520 in Ivanti Sentry (formerly MobileIron Sentry) carries a CVSS score of 10.0 and lets a remote, unauthenticated attacker hit root on the box. The bug lives in a Mobile Device Management gateway — the exact piece of infrastructure that sits between the public internet and an organization’s mobile fleet. If your security perimeter has a name like “Sentry” on it, you should not be reading this; you should be patching.
How a Pre-Auth Command Injection Becomes Root on Your MDM
The details from watchTowr Labs are worth reading slowly. Researcher Sonny Macdonald showed that an attacker can send a crafted HTTP request to /mics/API/v2/sentry/mics-config/handleMessage, which the backend interprets as a MICS configuration command and hands to a function literally named handleExecute(). No authentication. No session. Just a POST and a shell.
Why it matters: Ivanti Sentry brokers traffic between mobile devices and back-end systems like Exchange and SharePoint. Root-level RCE on that gateway is a credential goldmine — attackers can intercept ActiveSync traffic, pivot into internal email, and establish persistence on a host that is, by design, allowed to talk to sensitive enterprise services. The companion bug, CVE-2026-10523 (CVSS 9.9), lets the same unauthenticated attacker create administrative accounts outright. Chain them and you’ve got durable, legitimate-looking admin access.
Practical scenario: if you’re running Ivanti Sentry on any version below R10.5.2, R10.6.2, or R10.7.1, assume the endpoint is reachable from somewhere it shouldn’t be and treat patching as a same-day operation, not a sprint task. Macdonald’s note is biting — Ivanti’s fix doesn’t just sanitize the input, it “added a layer of protection in front of it to make reaching the endpoint significantly more difficult. In other words: they added authentication.” The fact that an MDM gateway shipped a config-execution endpoint without auth in the first place is the real story.
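To make the shape of the bug and of the fix concrete, here is an added example (not Ivanti's code; the handler, the CONFIG_OPS table, VALID_TOKENS and the exception types are hypothetical stand-ins): a request handler that splices a "configuration message" into a shell line, beside one that authenticates first and maps the message onto a fixed allowlist executed without a shell. It mirrors the two layers Macdonald describes, sanitising what reaches the executor and putting authentication in front of the endpoint.

```python
"""Vulnerable vs. hardened handling of a 'configuration message' endpoint.

Added example, not Ivanti's code. It is a minimal stand-in for the pattern the
advisory describes (request body parsed into a config command that reaches a
shell) next to the shape a fix takes: authenticate first, then map the message
onto a fixed allowlist of operations and run them without a shell. CONFIG_OPS,
VALID_TOKENS and the exception types are hypothetical.
"""
import subprocess
from typing import Mapping, Optional


class Unauthorized(Exception):
    """Request carried no valid session."""


class BadRequest(Exception):
    """Message did not name an allowlisted operation."""


def handle_message_vulnerable(body: Mapping[str, str]) -> str:
    """Anti-pattern: no authentication, and the message text is spliced into a shell line.

    With shell=True, metacharacters in body["message"] (';', '|', '$(...)') are
    interpreted by /bin/sh, so the caller controls what runs, not just an argument.
    """
    cmd = f"echo config-update {body['message']}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


# Allowlist: each operation the endpoint may perform maps to a fixed argv list.
# Request data selects a key; it never becomes part of the command itself.
CONFIG_OPS = {
    "noop": ["echo", "config-update-ok"],
    "show-kernel": ["uname", "-r"],
}
VALID_TOKENS = {"constructed-session-token"}  # stand-in for a real session store


def handle_message_hardened(body: Mapping[str, str], auth_token: Optional[str]) -> str:
    """Fix: authenticate before parsing, allowlist the operation, execute without a shell."""
    if auth_token not in VALID_TOKENS:
        raise Unauthorized("authentication required")
    op = body.get("message")
    if op not in CONFIG_OPS:
        raise BadRequest(f"unknown operation {op!r}")
    # argv list + shell=False: the kernel receives exactly these strings, nothing is re-parsed.
    return subprocess.run(CONFIG_OPS[op], capture_output=True, text=True, check=True).stdout


def raises(exc_type, fn, *args) -> bool:
    """True if fn(*args) raises exc_type; used to check the hardened handler's refusals."""
    try:
        fn(*args)
    except exc_type:
        return True
    return False


if __name__ == "__main__":
    payload = {"message": "x; echo INJECTED"}  # constructed: a second command after ';'
    print(repr(handle_message_vulnerable(payload)))  # 'config-update x\nINJECTED\n'
    print(raises(Unauthorized, handle_message_hardened, payload, None))  # True
    print(raises(BadRequest, handle_message_hardened, payload, "constructed-session-token"))  # True
    print(repr(handle_message_hardened({"message": "noop"}, "constructed-session-token")))  # 'config-update-ok\n'
```

The order of checks in the hardened handler is deliberate: the session check runs before the body is even looked at, so an unauthenticated request never reaches the parser, and the allowlist means the only thing request data can choose is which pre-built argv list runs.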
Our take: expect a public proof-of-concept within days of this advisory, and expect ransomware affiliates to weaponize it before the end of the month. Pre-auth RCE on edge appliances is the highest-ROI exploit class on the market.
The Fortinet Sandbox Bug Nobody Will Talk About
Fortinet’s contribution to the week is CVE-2026-25089 (CVSS 9.1), a command injection in the WEB UI of FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS. Per Fortinet’s PSIRT advisory FG-IR-26-141, an unauthenticated attacker can execute arbitrary OS commands via specifically crafted HTTP requests. Affected versions span FortiSandbox 5.0.0–5.0.5 and 4.4.0–4.4.8, plus the Cloud and PaaS variants in the 5.0.4–5.0.5 range.
Why it matters: FortiSandbox is the product enterprises use to detonate suspicious files in an isolated environment. The irony of a code execution flaw in the system you bought to safely run untrusted code is not subtle. More importantly, sandboxes typically have outbound network access (to simulate real-world execution) and inbound feeds from email gateways and firewalls. A compromised FortiSandbox is a perfect listening post.
Practical scenario: if you’re a managed security provider running FortiSandbox PaaS for multiple tenants, the blast radius isn’t one customer — it’s every customer whose malware samples flow through that instance. Upgrade paths are clear: 5.0.6+ or 4.4.9+. There is no excuse to wait.
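Both the Ivanti Sentry and the FortiSandbox scenarios above come down to the same triage question: which of my appliances still runs an affected build? The following is an added example (not vendor code) that encodes the version boundaries stated in this article for both products and runs them over a constructed inventory; the Asset records and the handling of Sentry branches the advisory does not name are assumptions made here.

```python
"""Patch-status triage for the Ivanti Sentry and FortiSandbox advisories.

Added example, not vendor code. Version boundaries are taken from the article
text (Sentry fixed in R10.5.2 / R10.6.2 / R10.7.1; FortiSandbox affected in
5.0.0-5.0.5 and 4.4.0-4.4.8). The inventory entries below are constructed.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """'R10.5.1' or '5.0.3' -> (10, 5, 1). The leading 'R' on Sentry builds is ignored."""
    m = re.fullmatch(r"R?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


# Ivanti Sentry (CVE-2026-10520 / CVE-2026-10523): first fixed build per branch,
# keyed by (major, minor). Anything below the fixed build on its branch is affected.
SENTRY_FIXED = {(10, 5): (10, 5, 2), (10, 6): (10, 6, 2), (10, 7): (10, 7, 1)}

# FortiSandbox (CVE-2026-25089): affected ranges are inclusive on both ends;
# 5.0.6 and 4.4.9 are the first unaffected builds.
FORTISANDBOX_AFFECTED = [((5, 0, 0), (5, 0, 5)), ((4, 4, 0), (4, 4, 8))]


def sentry_is_affected(version: str) -> bool:
    v = parse_version(version)
    branch = v[:2]
    if branch in SENTRY_FIXED:
        return v < SENTRY_FIXED[branch]
    # Assumption in this example: a branch the advisory does not list is treated as
    # affected when it is older than the oldest fixed branch, and as fixed when newer.
    return branch < min(SENTRY_FIXED)


def fortisandbox_is_affected(version: str) -> bool:
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in FORTISANDBOX_AFFECTED)


@dataclass
class Asset:
    host: str
    product: str  # "sentry" or "fortisandbox"
    version: str


def triage(assets: Iterable[Asset]) -> List[Asset]:
    """Return the assets that still run an affected build, in inventory order."""
    checks = {"sentry": sentry_is_affected, "fortisandbox": fortisandbox_is_affected}
    return [a for a in assets if checks[a.product](a.version)]


SAMPLE_INVENTORY = [  # constructed inventory, not real hosts
    Asset("mdm-gw-01", "sentry", "R10.5.1"),
    Asset("mdm-gw-02", "sentry", "R10.7.1"),
    Asset("mdm-gw-03", "sentry", "R10.4.0"),
    Asset("sbx-01", "fortisandbox", "5.0.5"),
    Asset("sbx-02", "fortisandbox", "4.4.9"),
    Asset("sbx-03", "fortisandbox", "4.4.2"),
]

if __name__ == "__main__":
    for a in triage(SAMPLE_INVENTORY):
        print(f"{a.host}: {a.product} {a.version} is affected, patch now")
```

Tuple comparison does the work here: (10, 5, 1) < (10, 5, 2) is true and (10, 7, 1) < (10, 7, 1) is false, so an inventory export with one version string per host can be checked without hand-reading advisories.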
Our take: edge security appliances will keep being the soft underbelly of enterprise networks for at least another two years. The 2025 Ivanti and Fortinet exploit waves were a preview; 2026 is the sequel.
SAP’s SAML Bug Is the One Auditors Should Lose Sleep Over
SAP’s June Security Patch Day shipped four critical fixes, but CVE-2026-44748 (CVSS 9.9) is the one to stop on. According to SAP security firm Onapsis, it’s an XML signature wrapping vulnerability in SAML authentication for SAP NetWeaver AS ABAP and ABAP Platform. The attack: an authenticated user with normal privileges grabs a valid signed message, modifies the identity claims inside it, and the verifier accepts the tampered XML as if it were the original.
Why it matters: SAP NetWeaver runs the financial and HR backbone for a huge swath of the Fortune 500. SAML signature wrapping means a low-privilege contractor account can impersonate a CFO or a basis administrator inside the same SAP tenant. That’s not an exploit — that’s a SOX violation waiting to be discovered six months from now. Add CVE-2026-27671 (CVSS 9.8), a memory corruption flaw in the ABAP kernel triggered by a crafted RFC request from an unauthenticated attacker, and SAP shops have two distinct paths to total compromise.
Practical scenario: if you’re running an SAP environment that processes patient billing or pharmaceutical orders, the audit trail implications are severe. Teams building healthcare software that integrates with SAP for claims processing need to validate not just the patch level but also the SAML assertion handling in any custom middleware. The same applies to anyone running SAP for supply chain traceability — a tampered identity claim on a procurement workflow can rewrite who approved what, and standard relational audit logs will happily record the forged version as fact. (This is exactly the integrity gap that pushes some teams toward append-only ledgers, though the trade-offs vs. traditional databases aren’t free.)
Our take: XML signature wrapping has been a known class of attack since 2005. The fact that it’s still shipping in 2026 in SAP’s flagship authentication stack tells you everything about how slowly enterprise crypto stacks evolve. Expect at least one CISA KEV addition from this batch before Q3.
FAQ
Q: Are any of these vulnerabilities being actively exploited? A: According to the original report, there is no evidence as of June 10, 2026 that any of the Ivanti, Fortinet, or SAP flaws have been exploited in the wild. That window typically closes fast — proof-of-concept code for high-CVSS edge appliance bugs has historically appeared within days of disclosure.
Q: What is XML signature wrapping? A: It’s an attack against XML-based authentication protocols like SAML where an attacker takes a legitimately signed message, wraps or reorders its elements so that the signature still validates against one part of the document while the verifier reads identity claims from a different, attacker-controlled part. The result is that tampered identity data is accepted as authentic.
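The definition above, and the earlier advice to review SAML assertion handling in any custom middleware around NetWeaver, both come down to one verifier-side rule: read identity only from the element the signature actually covers. The following is an added example (not SAP's code, and not a full XMLDSig implementation; it assumes the cryptographic check is done separately by a proper library) showing the structural checks that enforce that rule, beside the naive pattern that reads the first Assertion it finds. Both SAML documents are constructed for illustration.

```python
"""Structural checks a SAML consumer should run before trusting identity claims.

Added example, not SAP's code and not a full XMLDSig verifier: the cryptographic
signature check is assumed to happen elsewhere. What is shown is the document-shape
rule that defeats signature wrapping, i.e. making sure the element the signature
covers is the element the identity is read from. Both sample responses are
constructed; the signature elements carry no real digest or key material.
"""
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


class SamlRejected(Exception):
    """Document is not the single, enveloped-signed assertion the consumer expects."""


def naive_extract_identity(response_xml: str) -> str:
    """The failing pattern: validate 'a' signature somewhere, read identity from the first Assertion."""
    root = ET.fromstring(response_xml)
    ref = root.find(".//ds:Signature/ds:SignedInfo/ds:Reference", NS)
    target = ref.get("URI")[1:]
    if not any(e.get("ID") == target for e in root.iter()):
        raise SamlRejected("signature target not found")
    # Signature and identity are located independently, so they can refer to different elements.
    return root.find(".//saml:Assertion/saml:Subject/saml:NameID", NS).text


def extract_identity(response_xml: str) -> str:
    """Hardened pattern: pin signature, ID and identity to one and the same element."""
    root = ET.fromstring(response_xml)
    # Rule 1: exactly one Assertion anywhere in the document, not just at the top level.
    assertions = root.findall(".//saml:Assertion", NS)
    if len(assertions) != 1:
        raise SamlRejected(f"expected exactly 1 Assertion, found {len(assertions)}")
    assertion = assertions[0]
    # Rule 2: the assertion's ID must be unique across the whole document.
    aid = assertion.get("ID")
    if not aid or sum(1 for e in root.iter() if e.get("ID") == aid) != 1:
        raise SamlRejected("assertion ID missing or duplicated")
    # Rule 3: the signature must be a direct (enveloped) child of that assertion,
    # with exactly one Reference pointing at that assertion's own ID.
    sigs = assertion.findall("ds:Signature", NS)
    if len(sigs) != 1:
        raise SamlRejected("assertion must carry exactly one enveloped Signature")
    refs = sigs[0].findall("ds:SignedInfo/ds:Reference", NS)
    if len(refs) != 1 or refs[0].get("URI") != f"#{aid}":
        raise SamlRejected("signature Reference does not cover this assertion")
    # Cryptographic verification of sigs[0] over `assertion` belongs here (XMLDSig library).
    # Rule 4: read identity from the very element the signature covers.
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not name_id.text:
        raise SamlRejected("signed assertion has no NameID")
    return name_id.text


def rejects(response_xml: str) -> bool:
    """True if the hardened extractor refuses the document."""
    try:
        extract_identity(response_xml)
    except SamlRejected:
        return True
    return False


# Constructed: one assertion, enveloped signature referencing its own ID.
GENUINE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <saml:Assertion ID="_a1">
    <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
    <ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo></ds:Signature>
  </saml:Assertion>
</samlp:Response>"""

# Constructed: the signed assertion is relocated intact, and an unsigned assertion
# with different identity claims sits where the consumer expects to read from.
WRAPPED_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <saml:Assertion ID="_a1">
    <saml:Subject><saml:NameID>admin@example.com</saml:NameID></saml:Subject>
  </saml:Assertion>
  <samlp:Extensions>
    <saml:Assertion ID="_a1">
      <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
      <ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo></ds:Signature>
    </saml:Assertion>
  </samlp:Extensions>
</samlp:Response>"""

if __name__ == "__main__":
    print(naive_extract_identity(GENUINE_RESPONSE), naive_extract_identity(WRAPPED_RESPONSE))
    print(extract_identity(GENUINE_RESPONSE), rejects(WRAPPED_RESPONSE))
```

On the genuine document both extractors agree on alice@example.com; on the wrapped one the naive extractor returns admin@example.com because it located the signature and the identity independently, while the hardened extractor stops at rule 1. When reviewing custom middleware, the questions to ask are exactly these four: how many assertions, is the ID unique, is the signature enveloped in that assertion and referencing it, and is the NameID read from that same object.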
Q: Why are MDM and sandbox appliances such frequent targets? A: They sit at network boundaries, must accept untrusted input by design, and historically ship with web management interfaces that were not built with the same threat model as public-facing web apps. Slow enterprise patching cycles make them high-value, low-effort targets.
Key Takeaways
- Treat any Ivanti Sentry instance below R10.5.2, R10.6.2, or R10.7.1 as presumptively compromised until proven otherwise — CVSS 10.0 pre-auth RCE does not get patched on next month’s change window.
- Audit your security appliances the way you audit your customer-facing apps; the FortiSandbox bug proves defensive tools carry their own attack surface.
- For SAP shops, the SAML signature wrapping flaw demands more than a patch — it demands a review of every custom identity provider integration touching NetWeaver AS ABAP.
- Procurement teams should start asking vendors for SBOMs and pre-auth endpoint inventories before renewals; “trust us” is no longer a defensible answer.
- The next twelve months will see more, not fewer, critical pre-auth bugs in edge security gear — budget for emergency patching cycles accordingly.