Vulnerability Management

Fortinet addresses critical vulnerabilities in FortiSandbox and FortiAuthenticator

(Credit: Rafael Henrique – stock.adobe.com)

Fortinet has released security updates to address two critical vulnerabilities in its FortiSandbox and FortiAuthenticator products, which could allow attackers to execute arbitrary code on unpatched systems, according to a recent report by Bleeping Computer.

The first vulnerability, CVE-2026-44277, affects FortiAuthenticator's Identity and Access Management solution and was patched in versions 6.5.7, 6.6.9, and 8.0.3. It allows unauthenticated attackers to execute unauthorized code or commands through crafted requests. The second vulnerability, CVE-2026-26083, impacts FortiSandbox systems, including cloud and PaaS versions, and permits unauthenticated attackers to execute unauthorized code or commands via HTTP requests.

While Fortinet has not confirmed these flaws are actively exploited, Fortinet products are frequently targeted in ransomware and cyber-espionage attacks. The U.S. Cybersecurity and Infrastructure Security Agency has added 24 Fortinet vulnerabilities to its catalog of actively exploited flaws in recent years, with 13 being used in ransomware attacks.

Source: Bleeping Computer

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds