Fortinet Releases Critical Security Updates Addressing Multiple Vulnerabilities Across Key Products
On April 14, 2026, Fortinet, a global leader in cybersecurity solutions, issued a comprehensive set of security advisories addressing 11 vulnerabilities across several of its core products. These vulnerabilities, which range in severity from Critical to Low, affect FortiSandbox, FortiOS, FortiAnalyzer, FortiManager, FortiProxy, FortiPAM, and FortiSwitchManager. Enterprise administrators are strongly urged to apply the necessary patches immediately to mitigate potential security risks.
Critical Vulnerabilities in FortiSandbox
The most severe vulnerabilities identified are within FortiSandbox, Fortinet’s advanced threat detection solution.
– CVE-2026-39808 (FG-IR-26-100): This Critical-rated OS command injection flaw resides in FortiSandbox and FortiSandbox PaaS. The vulnerability, rooted in improper neutralization of special elements used in OS commands (CWE-78), affects FortiSandbox versions 4.4.4 through 4.4.8 and FortiSandbox PaaS versions up to 23.4.4374. An unauthenticated remote attacker could exploit this flaw to execute arbitrary OS commands on the underlying system, potentially leading to full device compromise.
– CVE-2026-39813 (FG-IR-26-112): Another Critical vulnerability, this path traversal issue (CWE-24) exists in FortiSandbox’s JRPC API. Affecting FortiSandbox versions 5.0.1 through 5.0.5, this unauthenticated flaw may allow attackers to bypass authentication mechanisms entirely and escalate privileges without any valid credentials, posing a significant security risk.
High-Severity Vulnerabilities
In addition to the Critical vulnerabilities, Fortinet has addressed several High-severity issues:
– CVE-2026-22828 (FG-IR-26-121): This heap-based buffer overflow vulnerability (CWE-122) is found in the oftpd daemon of FortiAnalyzer Cloud and FortiManager Cloud. Affecting versions 7.6.2 through 7.6.4, this unauthenticated, network-exposed flaw could be exploited by a remote attacker to execute arbitrary code or crash the affected service. No authentication is required, significantly increasing its exploitability.
Medium and Low-Severity Vulnerabilities
Fortinet also addressed several Medium and Low-severity vulnerabilities across its product suite:
– CVE-2025-53847 (FG-IR-26-125): This Medium-rated vulnerability involves missing authentication for a critical function (CWE-306) in the CAPWAP daemon of FortiOS and FortiSwitchManager. Affecting FortiOS versions 7.4.8 through 7.6.3, this flaw is accessible without authentication from an internal network, making it a priority for organizations with segmented enterprise network environments.
– CVE-2026-27316 (FG-IR-26-113): A Low-severity issue, this vulnerability pertains to insufficiently protected credentials (CWE-522) in the FortiSandbox and FortiSandbox PaaS web GUI, specifically within the LDAP configuration page. Affecting FortiSandbox versions 5.0.1–5.0.5 and PaaS versions up to 23.4.4374, it potentially exposes LDAP bind credentials to authenticated users with GUI access.
Path Traversal, Cross-Site Scripting, and SQL Injection Vulnerabilities
The security advisories also include fixes for path traversal, cross-site scripting (XSS), and SQL injection vulnerabilities:
– CVE-2026-25691 (FG-IR-26-115): This Medium-rated path traversal vulnerability affects FortiSandbox’s vmimages delete feature, enabling arbitrary directory deletion by authenticated GUI users.
– CVE-2025-68649 (FG-IR-26-120): A Medium-rated path traversal issue in the CLI interfaces of FortiAnalyzer, FortiAnalyzer Cloud, FortiManager, and FortiManager Cloud across the 7.6.x and 7.4.x branches.
– CVE-2025-61624 (FG-IR-26-122): This Medium-rated vulnerability impacts the CLI components of FortiOS, FortiPAM, FortiProxy, and FortiSwitchManager across multiple versions.
– CVE-2026-39812 (FG-IR-26-110): A stored XSS vulnerability affecting FortiSandbox and FortiSandbox PaaS versions 5.0.1–5.0.5.
– CVE-2025-61886 (FG-IR-26-109): A reflected XSS flaw in FortiSandbox’s Operation Center.
Recommendations for Users
Given the severity and breadth of these vulnerabilities, Fortinet strongly recommends that all users:
1. Review the Security Advisories: Carefully examine the detailed advisories provided by Fortinet to understand the specific vulnerabilities affecting your deployed products.
2. Apply Patches Promptly: Implement the recommended patches and updates without delay to mitigate potential exploitation risks.
3. Monitor Systems: Continuously monitor your systems for any unusual activity that may indicate attempted exploitation of these vulnerabilities.
4. Review Security Configurations: Ensure that all security configurations are in line with best practices to prevent unauthorized access and potential breaches.
By taking these proactive steps, organizations can significantly reduce the risk posed by these vulnerabilities and enhance the overall security posture of their Fortinet deployments.
