Fortinet, Ivanti Patch Critical Vulnerabilities
Briefly

"Tracked as CVE-2026-44277 (CVSS score of 9.1), the first of them is an improper access control issue in FortiAuthenticator that could be exploited remotely, without authentication, via crafted requests. 'FortiAuthenticator Cloud is not impacted by the issue, and hence customers do not need to perform any action,' the company says."
"The second, tracked as CVE-2026-26083 (CVSS score of 9.1), is a missing authorization weakness affecting FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS WEB UI. According to Fortinet, remote, unauthenticated attackers could send crafted HTTP requests to the vulnerable appliances to achieve code or command execution."
"Fortinet also resolved a high-severity out-of-bounds write vulnerability (CVE-2025-53844) in the FortiOS capwap daemon that could allow attackers to execute code on FortiGate devices. The attacker needs to control an authenticated FortiAP, FortiExtender or FortiSwitch, the company says."
"The most severe of these is CVE-2026-8043 (CVSS score of 9.6), described as an external control of a file name issue in Xtraction that could be exploited remotely to read sensitive files and write arbitrary HTML files to a web directory."
Fortinet released patches covering 18 vulnerabilities across its product portfolio, including three critical-severity issues. Two of the critical flaws were addressed in FortiAuthenticator and FortiSandbox. The first is an improper access control issue in FortiAuthenticator (CVE-2026-44277, CVSS 9.1) that could be exploited remotely, without authentication, through crafted requests; Fortinet states that FortiAuthenticator Cloud is not impacted. The second is a missing authorization weakness in the FortiSandbox, FortiSandbox Cloud and FortiSandbox PaaS web UI (CVE-2026-26083, CVSS 9.1), where crafted HTTP requests from an unauthenticated remote attacker could lead to code or command execution. Fortinet also fixed a high-severity out-of-bounds write in the FortiOS capwap daemon (CVE-2025-53844) that could allow code execution on FortiGate devices when the attacker controls an authenticated FortiAP, FortiExtender or FortiSwitch. Ivanti issued four advisories covering seven vulnerabilities across multiple products, the most severe being an external control of file name issue in Xtraction (CVE-2026-8043, CVSS 9.6) that could be exploited remotely to read sensitive files and write arbitrary HTML files to a web directory.
Read at SecurityWeek