{"id":246206,"date":"2026-05-13T02:50:00","date_gmt":"2026-05-13T06:50:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/13\/critical-fortinet-vulnerabilities-fixed-in-fortisandbox-and-fortiauthenticator\/"},"modified":"2026-05-14T19:15:10","modified_gmt":"2026-05-14T23:15:10","slug":"critical-fortinet-vulnerabilities-fixed-in-fortisandbox-and-fortiauthenticator","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/13\/critical-fortinet-vulnerabilities-fixed-in-fortisandbox-and-fortiauthenticator\/","title":{"rendered":"Critical fortinet vulnerabilities fixed in FortiSandbox and FortiAuthenticator"},"content":{"rendered":"

Critical fortinet vulnerabilities fixed in FortiSandbox and FortiAuthenticator<\/a><\/p>\n

https:\/\/securityaffairs.com\/192047\/security\/critical-fortinet-vulnerabilities-fixed-in-fortisandbox-and-fortiauthenticator.html<\/a><\/p>\n

Publish Date: 2026-05-13 02:50:00<\/a><\/p>\n

Source Domain: securityaffairs.com<\/a><\/p>\n

Critical Fortinet vulnerabilities fixed in FortiSandbox and FortiAuthenticator<\/h2>\n<\/p>\n

\t\t\t\t\t\t\t Pierluigi Paganini<\/span>
\n\t\t\t\t\t\t\t\"\"\/ May 13, 2026<\/span><\/p>\n

\t\t\t\t\t\t\"\"\/<\/p>\n

Fortinet patched critical flaws in FortiSandbox and FortiAuthenticator that could let attackers remotely execute code on unpatched systems.<\/h2>\n

Fortinet addressed two critical vulnerabilities affecting FortiSandbox and FortiAuthenticator. The flaws could allow attackers to execute arbitrary commands or code on unpatched systems. <\/p>\n

The first vulnerability, tracked as CVE-2026-44277, is an improper access control issue in FortiAuthenticator.<\/p>\n

\u201cAn Improper Access Control vulnerability [CWE-284] in FortiAuthenticator may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.\u201d reads the advisory.<\/p>\n

Below are the impacted versions:<\/p>\n\n\n\n\n\n\n
Version<\/th>\nAffected<\/th>\nSolution<\/th>\n<\/tr>\n
FortiAuthenticator 8.0<\/td>\n8.0.2<\/td>\nUpgrade to 8.0.3 or above<\/td>\n<\/tr>\n
FortiAuthenticator 8.0<\/td>\n8.0.0<\/td>\nUpgrade to 8.0.3 or above<\/td>\n<\/tr>\n
FortiAuthenticator 6.6<\/td>\n6.6.0 through 6.6.8<\/td>\nUpgrade to 6.6.9 or above<\/td>\n<\/tr>\n
FortiAuthenticator 6.5<\/td>\n6.5.0 through 6.5.6<\/td>\nUpgrade to 6.5.7 or above<\/td>\n<\/tr>\n<\/table>\n

The vulnerability doesn\u2019t affect FortiAuthenticator Cloud.<\/p>\n

Fortinet experts discovered the flaw as part of an internal audit.<\/p>\n

The second flaw addressed by the cybersecurity vendor is a missing authorization issue, tracked as CVE-2026-26083, in FortiSandbox. An attacker can trigger the flaw to achieve remote code execution on vulnerable systems.<\/p>\n

\u201cA missing authorization vulnerability [CWE-862] in FortiSandbox, FortiSandbox Cloud and FortiSandbox PaaS WEB UI may allow an unauthenticated attacker to execute unauthorized code or commands via HTTP requests.\u201d reads the advisory.<\/p>\n

Neither flaw has been exploited in in-the-wild attacks.<\/p>\n

Adham El Karn from the Fortinet Product Security team discovered and reported the issue internally.<\/p>\n

Follow me on…<\/strong><\/p>\n

Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Critical fortinet vulnerabilities fixed in FortiSandbox and FortiAuthenticator https:\/\/securityaffairs.com\/192047\/security\/critical-fortinet-vulnerabilities-fixed-in-fortisandbox-and-fortiauthenticator.html Publish Date: 2026-05-13 02:50:00 Source Domain:…<\/p>\n","protected":false},"author":1,"featured_media":246207,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityaffairs.com\/wp-content\/uploads\/2019\/11\/fortinet-logo.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,27],"class_list":["post-246206","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/246206"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=246206"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/246206\/revisions"}],"predecessor-version":[{"id":246208,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/246206\/revisions\/246208"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/246207"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=246206"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=246206"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=246206"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}