Feed›Vulnerability›Fortinet warns of critical RCE flaws in FortiSandbox and For...

VulnerabilityBleeping Computer

9.8 — CRITICAL

Fortinet warns of critical RCE flaws in FortiSandbox and FortiAuthenticator

📅 12 May 2026 at 18:23 UTC📰 Bleeping ComputerView original source ↗

Fortinet has released security patches for two critical vulnerabilities in FortiSandbox and FortiAuthenticator that could enable attackers to run commands or arbitrary code. [...]

🤖 AI BriefingAuto-generated threat analysis

🔍Threat Overview

Fortinet has released security updates to address two critical vulnerabilities in FortiSandbox and FortiAuthenticator, which could enable attackers to run commands or arbitrary code on unpatched systems. The vulnerabilities are frequently exploited in ransomware and cyber-espionage attacks.

⚙️Technical Details

CVEs

2026-442772026-260832026-216432026-35616

Affected Systems

FortiAuthenticatorFortiSandbox

Attack Vectors

NETWORK

💥Impact Assessment

Severity: CRITICAL

Who Is at Risk

Federal agencies and organizations using Fortinet FortiAuthenticator and FortiSandbox

🛡️Recommended Actions

1Apply the latest security updates to FortiAuthenticator and FortiSandbox

2Monitor for suspicious activity on unpatched systems

3Implement additional security controls to prevent exploitation of these vulnerabilities

📦Affected Products

Fortinet ForticlientemsFortinet FortiAuthenticatorFortinet FortiSandbox

🔐NVD Verified DataVERIFIED

CVE-2026-44277 ↗CVSS 9.8 — CRITICAL

Attack Vector

NETWORK

Complexity

LOW

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses

CWE-284

CVE-2026-26083 ↗CVSS 9.8 — CRITICAL

Attack Vector

NETWORK

Complexity

LOW

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses

CWE-862

CVE-2026-21643 ↗CVSS 9.8 — CRITICAL

Attack Vector

NETWORK

Complexity

LOW

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses

CWE-89

Affected Products (CPE)

Fortinet Forticlientems

Advisories

📋 https://fortiguard.fortinet.com/psirt/FG-IR-25-1142

CVE-2026-35616 ↗CVSS 9.8 — CRITICAL

Attack Vector

NETWORK

Complexity

LOW

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses

CWE-284

Affected Products (CPE)

Fortinet Forticlientems

Patches & References

🔧 https://fortiguard.fortinet.com/psirt/FG-IR-26-099 📋 https://fortiguard.fortinet.com/psirt/FG-IR-26-099

Read the full article

This is a curated summary. The complete article is available at Bleeping Computer.

Read on Bleeping Computer ↗

← Back to feed