Fortinet Patches Critical, High Vulnerabilities in FortiOS, FortiProxy
Key Takeaways Fortinet has released seven new security advisories addressing vulnerabilities across FortiOS, FortiProxy, FortiPAM, and FortiSandbox. The flaws, ranging from low to medium severity,...
Key Takeaways
- Fortinet has released seven new security advisories addressing vulnerabilities across FortiOS, FortiProxy, FortiPAM, and FortiSandbox.
- The flaws, ranging from low to medium severity, include critical issues like unauthenticated VNC exposure in FortiSandbox and a path traversal vulnerability in FortiOS.
- Affected versions span FortiOS (7.0-8.0), FortiProxy (7.2-7.6), FortiPAM (1.4-1.9), and FortiSandbox (4.4-5.2).
- While none are rated critical, prompt patching is essential, especially for internet-facing deployments and FortiSandbox instances, due to the potential for significant impact.
Fortinet Discloses Multiple Vulnerabilities Across Core Products
Fortinet issued seven new security advisories on July 14, 2026, detailing a range of vulnerabilities impacting its widely used FortiOS, FortiProxy, FortiPAM, and FortiSandbox platforms. These flaws vary in severity from low-risk header injection issues to more significant medium-severity buffer overflows and an alarming unauthenticated VNC exposure within FortiSandbox.
Table Of Content
Despite no vulnerabilities receiving a “critical” rating, several affect widely deployed enterprise firewall and proxy versions. This necessitates immediate attention from security teams to apply the available patches.
The advisories cover key Fortinet product lines integral to enterprise perimeter security. Specifically, affected versions include FortiOS (7.0 through 8.0), FortiProxy (7.2 through 7.6), FortiPAM (1.4 through 1.9), and FortiSandbox (4.4 through 5.2). Given the foundational role these platforms play in network defense, unpatched instances introduce tangible risks, particularly when components exposed to external attackers, such as SSL-VPNs or captive portals, are involved.
Key Vulnerabilities Highlighted
Among the disclosed vulnerabilities, two present particularly elevated practical risks. The first, CVE-2026-59839, is a path traversal vulnerability (CWE-22) that could allow an authenticated attacker with limited Command Line Interface (CLI) access to delete critical root filesystem files. This could lead to a denial of service or render the device unstable.
The second, CVE-2026-59835, affecting FortiSandbox, is arguably the most pressing concern. This flaw exposes VNC without authentication on all network interfaces (CWE-668). An unauthenticated attacker could potentially gain direct console access to the sandboxing appliance, a component typically relied upon for isolated analysis of malicious files. The severity rating for this specific vulnerability was not disclosed.
Other significant vulnerabilities include:
- CVE-2025-43892: A medium-severity buffer over-read (CWE-126) in the authd and wad daemons, exploitable via CLI by an authenticated user.
- CVE-2026-59837: A medium-severity stack-based buffer overflow (CWE-121) in log report generation, exploitable via the GUI by an authenticated user.
- CVE-2026-23573: A medium-severity reflected Cross-Site Scripting (XSS) vulnerability in SSL-VPN, which is unauthenticated and web-facing. This could allow attackers to craft malicious links targeting users accessing the SSL-VPN portal, a frequent target in past Fortinet exploits.
Additionally, two low-severity CRLF injection bugs were identified: CVE-2025-62675 and CVE-2025-62826. These vulnerabilities allow HTTP response splitting on the Web Filter warning page and the captive portal login form, respectively. While individually low-severity, they could be combined with phishing or cache-poisoning tactics to manipulate information presented to users interacting with FortiOS-managed network access points.
What You Should Do
- Immediately apply Fortinet’s official patches for all affected FortiOS, FortiProxy, FortiPAM, and FortiSandbox deployments. Prioritize internet-facing SSL-VPN and captive portal configurations.
- Restrict CLI access to only trusted administrators to mitigate risks associated with vulnerabilities requiring authenticated CLI access.
- Conduct a thorough audit of FortiSandbox network exposure and disable VNC access on any interfaces where it is not explicitly required for operational purposes.
- Continuously monitor Fortinet’s PSIRT advisories for any updated CVSS scores, additional mitigation guidance, or confirmations of in-the-wild exploitation.
Fortinet has a history of these advisories preceding active exploitation attempts. Therefore, organizations running affected versions should treat this round of patches as an immediate security priority rather than routine maintenance.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.



No Comment! Be the first one.