A wave of product vulnerabilities hits security vendors and enterprise software
Numerous vendors disclosed severe flaws across the security and enterprise software stack, including Zoom, FortiSandbox, FreeRDP, NGINX, SAP, Adobe, Siemens, Schneider Electric, and Ivanti. Some of these issues were remote or unauthenticated, while others could expose internal analysis environments or enable code execution. Zoom fixed a critical Windows account-takeover flaw, Fortinet patched a VNC exposure in FortiSandbox, and CISA and national agencies added several vendor bugs to the exploited-vulnerabilities catalog. The breadth of affected products shows that even security tooling itself can become a target and a pivot point. This matters because defenders often trust these products deeply and may underestimate the urgency of patching them. The common thread is that no vendor category is immune, and security teams must treat their own tooling as part of the attack surface.
Sources
- Zoom Fixes CVE-2026-53412, a Critical Account Takeover Bug — Security Affairs
- FortiSandbox CVE-2026-59835 exposes sandbox VNC sessions without authentication — /r/cybersecurity
- FreeRDP 3.29.0 security update resolves 22 advisories — Help Net Security
- Critical NGINX vulnerability discovered: hackers can attempt to crash servers or even gain code execution — /r/cybersecurity
- SAP Security Patch Day — ACN — CSIRT Italia
- Adobe: aggiornamenti di sicurezza — ACN — CSIRT Italia


Leave a Reply