On May 12, 2026, Fortinet announced crucial security updates addressing five vulnerabilities in a range of its products, including wireless access point controllers, network operating systems, and enterprise management platforms. Among these, a critical flaw was identified in FortiSandbox, posing significant security risks.
Key Vulnerability in FortiSandbox
The most concerning vulnerability, tagged as CVE-2026-26083 (FG-IR-26-136), is a missing authorization flaw affecting FortiSandbox, including its Cloud and PaaS versions. This critical GUI-accessible flaw allows remote attackers to bypass authentication and access sensitive data without credentials. Versions impacted include FortiSandbox 5.0 and 4.4, FortiSandbox Cloud 24, 23, and 5.0, and FortiSandbox PaaS from 22.1 to 23.4. Due to its severity, addressing this flaw is a top priority for organizations using these products.
Command Injection Flaws in FortiAP
Fortinet also disclosed two medium-severity OS command injection vulnerabilities in its FortiAP firmware. CVE-2025-53680 (FG-IR-26-131) and CVE-2025-53870 (FG-IR-26-133) impact various FortiAP and FortiAP-W2 versions, requiring authenticated internal access to exploit. Attackers with CLI access could execute arbitrary OS-level commands, necessitating immediate attention to mitigate potential threats.
Additional Vulnerabilities and Their Impact
CVE-2025-67604 (FG-IR-26-137) poses a medium threat due to a dangerous function vulnerability in the API layer of FortiAnalyzer and FortiManager. Affecting versions 7.0 through 8.0, this flaw could enable an internal attacker to trigger denial-of-service conditions, impacting crucial enterprise operations. Similarly, CVE-2025-53844 (FG-IR-26-123), an out-of-bounds write vulnerability in FortiOS, could allow attackers to disrupt FortiOS processes via malformed CAPWAP traffic.
Organizations are urged to prioritize patching CVE-2026-26083 due to its critical nature and unauthenticated attack surface. For medium-severity issues, it’s recommended to apply patches during scheduled maintenance, restrict CLI and API access, and closely monitor network traffic for irregular activities.
For detailed patch information and recommended workarounds, Fortinet’s PSIRT advisory page remains the best resource. Stay informed by following Fortinet on Google News, LinkedIn, and X for the latest updates.
