Fortinet warns of critical RCE flaws in FortiSandbox and FortiAuthenticator

Why This Matters

Fortinet's recent security updates address two critical remote code execution vulnerabilities in FortiSandbox and FortiAuthenticator that attackers could exploit to compromise unpatched systems. The flaws highlight the ongoing risk carried by enterprise security products themselves and the importance of timely patching to prevent breaches. Because Fortinet vulnerabilities are often targeted in cyberattacks, vigilance and proactive security measures are needed across the tech industry and among consumers.

Key Takeaways

Fortinet has released security updates to address two critical vulnerabilities in FortiSandbox and FortiAuthenticator that could enable attackers to run commands or arbitrary code on unpatched systems.

The first one, tracked as CVE-2026-44277, impacts the company's FortiAuthenticator Identity and Access Management (IAM) solution and was patched in FortiAuthenticator versions 6.5.7, 6.6.9, and 8.0.3.

"An Improper Access Control vulnerability [CWE-284] in FortiAuthenticator may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests," Fortinet said in a Tuesday advisory.

The company added that FortiAuthenticator Cloud (formerly known as FortiTrust Identity), an Identity and Access Management as a Service (IDaaS) cloud service hosted and managed by Fortinet, is not impacted by the issue.

Today, Fortinet also addressed a missing authorization weakness (CVE-2026-26083) that can be exploited to achieve remote code execution on vulnerable FortiSandbox systems, which are designed to protect against malicious activity, including zero-day threats.

"A missing authorization vulnerability [CWE-862] in FortiSandbox, FortiSandbox Cloud and FortiSandbox PaaS WEB UI may allow an unauthenticated attacker to execute unauthorized code or commands via HTTP requests," it added.

While the company didn't tag these two security flaws as being exploited in the wild, Fortinet vulnerabilities are frequently exploited in ransomware and cyber-espionage attacks, often as zero-days.

For instance, in February, Fortinet addressed another critical vulnerability (CVE-2026-21643) in the FortiClient Enterprise Management Server (EMS) platform, which threat intelligence company Defused flagged as actively exploited one month later.

More recently, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies in early April to secure FortiClient Enterprise Management Server (EMS) instances against an actively exploited authentication bypass flaw (CVE-2026-35616).

In total, CISA has added 24 Fortinet vulnerabilities to its catalog of actively exploited security flaws in recent years, 13 of which were also abused in ransomware attacks.