Fortinet has released security updates to address two critical vulnerabilities in FortiSandbox and FortiAuthenticator that could allow attackers to execute commands or arbitrary code on unpatched systems.
The first, tracked as CVE-2026-44277, affects the company's FortiAuthenticator Identity and Access Management (IAM) solution and was patched in FortiAuthenticator versions 6.5.7, 6.6.9, and 8.0.3.
"An Improper Access Control vulnerability [CWE-284] in FortiAuthenticator may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests," Fortinet said in a Tuesday advisory.
The company added that FortiAuthenticator Cloud (formerly known as FortiTrust Identity), an Identity and Access Management as a Service (IDaaS) offering hosted and managed by Fortinet, is not affected by the issue.
Today, Fortinet also addressed a missing authorization weakness (CVE-2026-26083) that can be exploited to achieve remote code execution on vulnerable FortiSandbox systems, appliances designed to protect against malicious activity, including zero-day threats.
"A missing authorization vulnerability [CWE-862] in FortiSandbox, FortiSandbox Cloud and FortiSandbox PaaS WEB UI may allow an unauthenticated attacker to execute unauthorized code or commands via HTTP requests," it added.
While the company did not tag either flaw as exploited in the wild, both are reachable by an unauthenticated attacker, and Fortinet vulnerabilities are frequently exploited in ransomware and cyber-espionage attacks, often as zero-days, so administrators should apply the updates promptly.
For example, in February, it addressed another critical vulnerability (CVE-2026-21643) in the FortiClient Enterprise Management Server (EMS) platform, which threat intelligence firm Defused flagged as actively exploited one month later.
More recently, in early April, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to secure FortiClient Enterprise Management Server (EMS) instances against an actively exploited authentication bypass flaw (CVE-2026-35616).
In total, CISA has added 24 Fortinet vulnerabilities to its catalog of actively exploited security flaws in recent years, 13 of which were also abused in ransomware attacks.