The flaw in FortiAuthenticator, tracked as CVE-2026-44277, has a CVSS severity score of 9.1 and is described as an improper access control issue. Successful exploitation allows unauthenticated attackers to execute unauthorized code and commands by sending specially crafted requests.
An identity and access management (IAM) solution, FortiAuthenticator serves as the central hub for RADIUS, LDAP, and SAML authentication. It integrates with Active Directory and supports single sign-on and multi-factor authentication. To patch this new vulnerability, organizations are advised to upgrade to FortiAuthenticator 6.5.7, 6.6.9, or 8.0.3, depending on the release they're using.
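The upgrade guidance above can be applied to an appliance inventory with a short script. This is an added example, not code from Fortinet or from the original article: the function names, hostnames and reported versions are constructed, and it assumes a build counts as fixed only when it is at or above the fixed release named for its own branch. Branches the article does not mention are flagged for a manual check against the vendor advisory rather than guessed.

```python
import re

# Fixed FortiAuthenticator releases per branch, as listed in the article.
FIXED = {(6, 5): (6, 5, 7), (6, 6): (6, 6, 9), (8, 0): (8, 0, 3)}

# Accepts "6.5.6", "v6.6.9", "8.0.2 build0123" (trailing text is ignored).
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) as ints, or None if no version is found."""
    match = _VERSION_RE.match(text.strip())
    return tuple(int(part) for part in match.groups()) if match else None


def triage(version_text):
    """Classify one reported firmware version against the fixed releases."""
    version = parse_version(version_text)
    if version is None:
        return "unparseable"
    fixed = FIXED.get(version[:2])
    if fixed is None:
        # The article names no fixed release for this branch.
        return "branch-not-listed"
    # Tuple comparison is numeric, so 6.6.10 correctly sorts above 6.6.9.
    if version >= fixed:
        return "fixed"
    return "upgrade-to-" + ".".join(str(part) for part in fixed)


def triage_inventory(inventory):
    """Map each hostname to its triage result."""
    return {host: triage(version) for host, version in inventory.items()}


# Constructed sample inventory: hostnames and versions are made up.
SAMPLE = {
    "fac-hq-01": "6.5.6",
    "fac-hq-02": "v6.6.9",
    "fac-dr-01": "8.0.2 build0123",
    "fac-br-01": "6.6.10",
    "fac-lab-01": "6.4.10",
    "fac-lab-02": "unknown",
}

if __name__ == "__main__":
    for host, status in sorted(triage_inventory(SAMPLE).items()):
        print(f"{host:12} {status}")
```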
The flaw in FortiSandbox is a missing authorization issue that similarly allows unauthenticated attackers to execute arbitrary code and commands via HTTP requests. Tracked as CVE-2026-26083, the vulnerability also has a severity score of 9.1.
FortiSandbox is a threat detection solution designed to identify zero-day threats by using machine learning to perform static and dynamic analysis on suspicious files inside an isolated environment. It integrates with other Fortinet security products such as FortiGate and FortiMail and comes in different variants, including hardware and virtual appliances.



