Ethical Hacking News
Fortinet has released patches for two critical vulnerabilities in its FortiSandbox and FortiAuthenticator solutions. The flaws, tracked as CVE-2026-44277 and CVE-2026-26083, could have allowed attackers to remotely execute code on unpatched systems. The patches demonstrate Fortinet's ongoing commitment to improving the security of its products and protecting its customers from potential threats.
Fortinet has identified and addressed two critical vulnerabilities in its FortiSandbox and FortiAuthenticator solutions. The vulnerabilities, CVE-2026-44277 and CVE-2026-26083, could have allowed attackers to remotely execute code on unpatched systems, potentially leading to serious security breaches. A patch for the affected versions of FortiAuthenticator has been released to address the improper access control issue in CVE-2026-44277. A missing authorization issue in FortiSandbox (CVE-2026-26083) allows unauthenticated attackers to execute unauthorized code via HTTP requests. Neither vulnerability has been publicly disclosed prior to this announcement, but Fortinet chose to alert its stakeholders as part of a responsible disclosure practice.
In a recent move to bolster the security of its customers, Fortinet has identified and addressed two critical vulnerabilities in its FortiSandbox and FortiAuthenticator solutions. The flaws, tracked as CVE-2026-44277 and CVE-2026-26083, respectively, could have allowed attackers to remotely execute code on unpatched systems, potentially leading to a range of serious security breaches.
The first vulnerability, CVE-2026-44277, is an improper access control issue in FortiAuthenticator. This flaw, which is tracked as CWE-284, allows an unauthenticated attacker to execute unauthorized code or commands via crafted requests. The vulnerability does not affect the FortiAuthenticator Cloud service.
Fortinet experts discovered the flaw during an internal audit and have since addressed it by releasing a patch for affected versions of FortiAuthenticator. According to the advisory released by Fortinet, users running version 8.08.0.2 or later must upgrade to version 8.0.3 or above in order to avoid the vulnerability.
The second flaw, CVE-2026-26083, is a missing authorization issue in FortiSandbox. This vulnerability, which is also tracked as CWE-862, allows an unauthenticated attacker to execute unauthorized code or commands via HTTP requests. Neither of these vulnerabilities has been exploited in the wild, and Fortinet experts believe that they are sufficiently addressed through the release of the patches.
Adham El Karn, a member of the Fortinet Product Security team, discovered and reported both vulnerabilities internally before their formal disclosure. The rapid response by Fortinet demonstrates its commitment to timely addressing security threats and protecting its customers from potential breaches.
It is worth noting that neither vulnerability has been publicly disclosed prior to this announcement by Fortinet. However, as a responsible disclosure practice, the company chose to alert its stakeholders about these vulnerabilities in order to allow them sufficient time to patch their systems before potentially being exploited by malicious actors.
The recent patches issued by Fortinet demonstrate its ongoing commitment to improving the security of its solutions and protecting its customers from potential threats. As the landscape of cybersecurity continues to evolve, it is essential for companies like Fortinet to stay vigilant and proactive in addressing emerging vulnerabilities and ensuring the integrity of their systems.
In addition, these patches serve as a reminder to all organizations that rely on Fortinet's products to prioritize regular security audits and vulnerability assessments. By staying informed about potential threats and taking swift action to address them, organizations can minimize their exposure to cyber threats and maintain the confidence of their customers.
Overall, the recent patches issued by Fortinet demonstrate its dedication to enhancing the security of its solutions and safeguarding the interests of its customers. As the cybersecurity landscape continues to evolve, it is crucial for companies like Fortinet to remain at the forefront of this effort, working tirelessly to protect against emerging threats and ensuring that their products remain secure.
Related Information:
https://www.ethicalhackingnews.com/articles/Fortinet-Patches-Critical-Vulnerabilities-in-FortiSandbox-and-FortiAuthenticator-ehn.shtml
https://securityaffairs.com/192047/security/critical-fortinet-vulnerabilities-fixed-in-fortisandbox-and-fortiauthenticator.html
https://nvd.nist.gov/vuln/detail/CVE-2026-44277
https://www.cvedetails.com/cve/CVE-2026-44277/
https://nvd.nist.gov/vuln/detail/CVE-2026-26083
https://www.cvedetails.com/cve/CVE-2026-26083/
Published: Wed May 13 02:39:22 2026 by llama3.2 3B Q4_K_M
