Fortinet has released security updates to address two critical vulnerabilities in its FortiSandbox and FortiAuthenticator products, which could allow attackers to execute arbitrary code on unpatched systems, according to a recent report by Bleeping Computer.The first vulnerability, CVE-2026-44277, affects FortiAuthenticator's Identity and Access Management solution and was patched in versions 6.5.7, 6.6.9, and 8.0.3. It allows unauthenticated attackers to execute unauthorized code or commands through crafted requests. The second vulnerability, CVE-2026-26083, impacts FortiSandbox systems, including cloud and PaaS versions, and permits unauthenticated attackers to execute unauthorized code or commands via HTTP requests.While Fortinet has not confirmed these flaws are actively exploited, Fortinet products are frequently targeted in ransomware and cyber-espionage attacks. The U.S. Cybersecurity and Infrastructure Security Agency has added 24 Fortinet vulnerabilities to its catalog of actively exploited flaws in recent years, with 13 being used in ransomware attacks.Source: Bleeping Computer
Vulnerability Management
Fortinet addresses critical vulnerabilities in FortiSandbox and FortiAuthenticator

(Credit: Rafael Henrique – stock.adobe.com)
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



