Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
Fortinet Patches Critical, High Vulnerabilities in FortiOS, FortiProxy
July 14, 2026
Microsoft Patch Tuesday fixes 570 flaws including 3 zero-days
July 14, 2026
Critical Flaw: OAuth Client ID Spoofing Exposes 2 Million Entra ID Users
July 14, 2026
Home/CyberSecurity News/Fortinet Patches Critical, High Vulnerabilities in FortiOS, FortiProxy
CyberSecurity News

Fortinet Patches Critical, High Vulnerabilities in FortiOS, FortiProxy

Key Takeaways Fortinet has released seven new security advisories addressing vulnerabilities across FortiOS, FortiProxy, FortiPAM, and FortiSandbox. The flaws, ranging from low to medium severity,...

Sarah simpson
Sarah simpson
July 14, 2026 3 Min Read
3 0

Key Takeaways

  • Fortinet has released seven new security advisories addressing vulnerabilities across FortiOS, FortiProxy, FortiPAM, and FortiSandbox.
  • The flaws, ranging from low to medium severity, include critical issues like unauthenticated VNC exposure in FortiSandbox and a path traversal vulnerability in FortiOS.
  • Affected versions span FortiOS (7.0-8.0), FortiProxy (7.2-7.6), FortiPAM (1.4-1.9), and FortiSandbox (4.4-5.2).
  • While none are rated critical, prompt patching is essential, especially for internet-facing deployments and FortiSandbox instances, due to the potential for significant impact.

Fortinet Discloses Multiple Vulnerabilities Across Core Products

Fortinet issued seven new security advisories on July 14, 2026, detailing a range of vulnerabilities impacting its widely used FortiOS, FortiProxy, FortiPAM, and FortiSandbox platforms. These flaws vary in severity from low-risk header injection issues to more significant medium-severity buffer overflows and an alarming unauthenticated VNC exposure within FortiSandbox.

Table Of Content

  • Key Takeaways
  • Fortinet Discloses Multiple Vulnerabilities Across Core Products
  • Key Vulnerabilities Highlighted
  • What You Should Do

Despite no vulnerabilities receiving a “critical” rating, several affect widely deployed enterprise firewall and proxy versions. This necessitates immediate attention from security teams to apply the available patches.

The advisories cover key Fortinet product lines integral to enterprise perimeter security. Specifically, affected versions include FortiOS (7.0 through 8.0), FortiProxy (7.2 through 7.6), FortiPAM (1.4 through 1.9), and FortiSandbox (4.4 through 5.2). Given the foundational role these platforms play in network defense, unpatched instances introduce tangible risks, particularly when components exposed to external attackers, such as SSL-VPNs or captive portals, are involved.

Key Vulnerabilities Highlighted

Among the disclosed vulnerabilities, two present particularly elevated practical risks. The first, CVE-2026-59839, is a path traversal vulnerability (CWE-22) that could allow an authenticated attacker with limited Command Line Interface (CLI) access to delete critical root filesystem files. This could lead to a denial of service or render the device unstable.

The second, CVE-2026-59835, affecting FortiSandbox, is arguably the most pressing concern. This flaw exposes VNC without authentication on all network interfaces (CWE-668). An unauthenticated attacker could potentially gain direct console access to the sandboxing appliance, a component typically relied upon for isolated analysis of malicious files. The severity rating for this specific vulnerability was not disclosed.

Other significant vulnerabilities include:

  • CVE-2025-43892: A medium-severity buffer over-read (CWE-126) in the authd and wad daemons, exploitable via CLI by an authenticated user.
  • CVE-2026-59837: A medium-severity stack-based buffer overflow (CWE-121) in log report generation, exploitable via the GUI by an authenticated user.
  • CVE-2026-23573: A medium-severity reflected Cross-Site Scripting (XSS) vulnerability in SSL-VPN, which is unauthenticated and web-facing. This could allow attackers to craft malicious links targeting users accessing the SSL-VPN portal, a frequent target in past Fortinet exploits.

Additionally, two low-severity CRLF injection bugs were identified: CVE-2025-62675 and CVE-2025-62826. These vulnerabilities allow HTTP response splitting on the Web Filter warning page and the captive portal login form, respectively. While individually low-severity, they could be combined with phishing or cache-poisoning tactics to manipulate information presented to users interacting with FortiOS-managed network access points.

What You Should Do

  • Immediately apply Fortinet’s official patches for all affected FortiOS, FortiProxy, FortiPAM, and FortiSandbox deployments. Prioritize internet-facing SSL-VPN and captive portal configurations.
  • Restrict CLI access to only trusted administrators to mitigate risks associated with vulnerabilities requiring authenticated CLI access.
  • Conduct a thorough audit of FortiSandbox network exposure and disable VNC access on any interfaces where it is not explicitly required for operational purposes.
  • Continuously monitor Fortinet’s PSIRT advisories for any updated CVSS scores, additional mitigation guidance, or confirmations of in-the-wild exploitation.

Fortinet has a history of these advisories preceding active exploitation attempts. Therefore, organizations running affected versions should treat this round of patches as an immediate security priority rather than routine maintenance.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackCVEExploitPatchphishingSecurityVulnerability

Share Article

Sarah simpson

Sarah simpson

Sarah is a cybersecurity journalist specializing in threat intelligence and malware analysis. With over 8 years of experience covering APT groups, zero-day exploits, and advanced persistent threats, Sarah brings deep technical expertise to breaking cybersecurity news. Previously, she worked as a security researcher at leading threat intelligence firms, where she analyzed malware samples and tracked cybercriminal operations. Sarah holds a Master's degree in Computer Science with a focus on cybersecurity and is a regular contributor to major security conferences.

Previous Post

Microsoft Patch Tuesday fixes 570 flaws including 3 zero-days

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Critical FortiSandbox CVE-2023-34981 Exposes VNC Server to Attackers
July 14, 2026
SOC Efficiency: Cut Alert Overload and MTTR by 21 Minutes Per Case
July 14, 2026
Miasma Malware Creates Backdoors in npm Packages, Targets Dev Machines
July 14, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us