Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
FortiBleed Vulnerability Exploited by INC and Lynx Ransomware to Steal Passwords
July 2, 2026
WhatsApp Username Reservations Raise Security Concerns for 2 Billion Users
July 2, 2026
Alleged Scattered Spider Member Extradited to US for 100+ Network Hacks
July 2, 2026
Home/CyberSecurity News/Fortinet Patches 2 Critical Flaws in FortiSandbox, FortiOS, FortiAnalyzer
CyberSecurity News

Fortinet Patches 2 Critical Flaws in FortiSandbox, FortiOS, FortiAnalyzer

Key Takeaways Fortinet has released 11 security advisories, including two critical vulnerabilities, affecting multiple product lines. The most severe flaws impact FortiSandbox, allowing...

Jennifer sherman
Jennifer sherman
April 14, 2026 4 Min Read
58 0

Key Takeaways

  • Fortinet has released 11 security advisories, including two critical vulnerabilities, affecting multiple product lines.
  • The most severe flaws impact FortiSandbox, allowing unauthenticated remote code execution and privilege escalation.
  • Other vulnerabilities include high-severity heap buffer overflows, authentication bypasses, path traversals, XSS, and SQL injection.
  • Immediate patching is strongly recommended for critical and high-severity issues, particularly those affecting FortiSandbox, FortiAnalyzer, and FortiManager.

Fortinet has issued a comprehensive set of security advisories on April 14, 2026, detailing eleven distinct vulnerabilities across several of its enterprise product offerings. This extensive disclosure includes two critical-rated flaws, two high-severity issues, and seven vulnerabilities categorized as medium or low severity.

Table Of Content

  • Key Takeaways
  • Critical Flaws Demand Immediate Attention
  • FortiSandbox OS Command Injection
  • FortiSandbox Path Traversal and Authentication Bypass
  • High-Severity Heap Buffer Overflow in Cloud Products
  • Authentication and Access Control Gaps
  • Missing Authentication in FortiOS CAPWAP Daemon
  • Insufficiently Protected Credentials
  • Path Traversal, Cross-Site Scripting, and SQL Injection Vulnerabilities
  • Multiple Path Traversal Issues
  • Cross-Site Scripting Vulnerabilities
  • SQL Injection Flaw
  • What You Should Do

The affected products span FortiSandbox, FortiAnalyzer, FortiManager, FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager. Enterprise administrators are advised to prioritize and implement the necessary patches without delay to mitigate potential risks.

Critical Flaws Demand Immediate Attention

Leading the list of disclosures are two critical vulnerabilities in FortiSandbox and FortiSandbox PaaS, both carrying significant risk due to their unauthenticated and remote exploitability.

FortiSandbox OS Command Injection

The most critical vulnerability identified is CVE-2026-39808, an OS command injection flaw (CWE-122) affecting FortiSandbox and its cloud counterpart, FortiSandbox PaaS. This vulnerability is accessible via an unauthenticated API.

Versions 4.4.4 through 4.4.8 of FortiSandbox are impacted, alongside FortiSandbox PaaS versions up to 23.4.4374. An attacker, without needing any prior authentication, could leverage this flaw to execute arbitrary operating system commands on the underlying system, potentially leading to a complete compromise of the device.

FortiSandbox Path Traversal and Authentication Bypass

Equally critical is CVE-2026-39813, a path traversal vulnerability (CWE-24) found in the JRPC API of FortiSandbox. This unauthenticated flaw impacts FortiSandbox versions 5.0.1 through 5.0.5.

Successful exploitation could allow an attacker to bypass authentication mechanisms entirely and escalate privileges without requiring any valid credentials, positioning it as one of the most dangerous vulnerabilities in this round of advisories.

High-Severity Heap Buffer Overflow in Cloud Products

Rated as high severity, CVE-2026-22828 describes a heap-based buffer overflow (CWE-122) within the oftpd daemon of FortiAnalyzer Cloud and FortiManager Cloud. This vulnerability affects versions 7.6.2 through 7.6.4.

The flaw is unauthenticated and exposed over the network, making it highly exploitable. A remote attacker could exploit this vulnerability to execute arbitrary code or trigger a denial of service by crashing the affected service.

Authentication and Access Control Gaps

Several other vulnerabilities address weaknesses in authentication and access control mechanisms across various Fortinet products.

Missing Authentication in FortiOS CAPWAP Daemon

CVE-2025-53847 highlights a missing authentication for a critical function (CWE-306) in the CAPWAP daemon of FortiOS and FortiSwitchManager. Rated as medium severity, this vulnerability is accessible without authentication from an internal network.

It impacts FortiOS versions 7.4.8 through 7.6.3, making it a significant concern for organizations operating segmented enterprise network environments.

Insufficiently Protected Credentials

CVE-2026-27316 reveals an insufficiently protected credentials vulnerability (CWE-522) within the FortiSandbox and FortiSandbox PaaS web GUI, specifically on the LDAP configuration page. This low-severity, externally accessible flaw affects FortiSandbox versions 5.0.1–5.0.5 and PaaS versions up to 23.4.4374.

Exploitation could potentially expose LDAP bind credentials to authenticated users who have GUI access.

Path Traversal, Cross-Site Scripting, and SQL Injection Vulnerabilities

Fortinet’s advisories also detail multiple instances of path traversal, cross-site scripting (XSS), and SQL injection vulnerabilities.

Multiple Path Traversal Issues

Three distinct path traversal vulnerabilities were addressed. CVE-2026-25691, affecting FortiSandbox’s vmimages delete feature, allows authenticated GUI users to delete arbitrary directories.

CVE-2025-68649 impacts the CLI interfaces of FortiAnalyzer, FortiAnalyzer Cloud, FortiManager, and FortiManager Cloud across the 7.6.x and 7.4.x branches. Additionally, CVE-2025-61624 affects CLI components in FortiOS, FortiPAM, FortiProxy, and FortiSwitchManager across several versions. All three are rated medium severity and require authenticated internal access for exploitation.

Cross-Site Scripting Vulnerabilities

The release also included several XSS vulnerabilities. CVE-2026-39812 introduces stored XSS risks in FortiSandbox and FortiSandbox PaaS versions 5.0.1–5.0.5. Meanwhile, CVE-2025-61886 describes a reflected XSS flaw in FortiSandbox’s Operation Center interface, which is accessible to unauthenticated users from an internal network position.

SQL Injection Flaw

Rounding out the detailed disclosures is CVE-2025-61848, an SQL injection vulnerability (CWE-89) found in the JSON RPC API of FortiAnalyzer and FortiManager versions 7.6.1–7.6.4, as well as their cloud counterparts. This medium-severity flaw requires authenticated internal access, but successful exploitation could allow attackers to manipulate backend database queries.

What You Should Do

Security teams should prioritize patching based on the severity and attack vectors of the disclosed vulnerabilities:

  • Immediately: Apply patches for CVE-2026-39808 and CVE-2026-39813, the critical, unauthenticated flaws affecting FortiSandbox.
  • Urgently: Address CVE-2026-22828, the high-severity, unauthenticated heap overflow in FortiAnalyzer/FortiManager Cloud.
  • High Priority: Patch CVE-2025-53847, the medium-severity, unauthenticated CAPWAP daemon vulnerability in FortiOS.
  • Scheduled Patching: Implement patches for all remaining medium and low-severity findings across FortiSandbox, FortiAnalyzer, FortiManager, FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager.

Administrators should consult Fortinet’s official PSIRT portal for specific fixed versions and apply all available patches without delay to protect their environments.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackCVEExploitPatchSecurityVulnerability

Share Article

Jennifer sherman

Jennifer sherman

Jennifer is a cybersecurity news reporter covering data breaches, ransomware campaigns, and dark web markets. With a background in incident response, Jennifer provides unique insights into how organizations respond to cyber attacks and the evolving tactics of threat actors. Her reporting has covered major breaches affecting millions of users and has helped organizations understand emerging threats. Jennifer combines technical knowledge with investigative journalism to deliver in-depth coverage of cybersecurity incidents.

Previous Post

Microsoft April 2026 Patch Tuesday Fixes 168 Flaws, Including an Actively Exploited 0-Day

Next Post

Critical Microsoft SharePoint Server 0-Day Actively Exploited

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Critical Cursor IDE RCE Vulnerabilities Allow Zero-Click Prompt Injection
July 1, 2026
Automated Password Spray Attacks Target Microsoft Azure CLI
July 1, 2026
Reduce Alert Fatigue to Improve SOC Efficiency and Cut Business Costs
July 1, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us