Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Fortinet Urges Immediate Patching for Critical Vulnerabilities

Fortinet Urges Immediate Patching for Critical Vulnerabilities

Posted on April 14, 2026 By CWS

On April 14, 2026, Fortinet announced a series of security updates addressing 11 vulnerabilities across various products. These include two vulnerabilities classified as Critical, two as High, and seven that are Medium or Low. The affected products are FortiSandbox, FortiAnalyzer, FortiManager, FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager. Enterprise network administrators are strongly encouraged to prioritize these patches immediately.

Critical Vulnerabilities Demand Immediate Attention

The most pressing issue is CVE-2026-39808, an OS command injection flaw in FortiSandbox and FortiSandbox PaaS, rated as Critical. This vulnerability, rooted in improper neutralization of elements used in OS commands, affects versions 4.4.4 to 4.4.8 of FortiSandbox and up to version 23.4.4374 of its PaaS counterpart. Exploitation could lead to arbitrary command execution, risking full system compromise.

Another Critical vulnerability, CVE-2026-39813, involves path traversal in FortiSandbox’s JRPC API. Affecting versions 5.0.1 through 5.0.5, this flaw could allow attackers to bypass authentication and escalate privileges without credentials, posing a significant threat.

High and Medium-Risk Flaws

CVE-2026-22828, rated High, is a heap-based buffer overflow vulnerability found in the oftpd daemon of FortiAnalyzer and FortiManager Cloud. This flaw, affecting versions 7.6.2 to 7.6.4, can be exploited remotely without authentication, allowing attackers to execute arbitrary code or disrupt the service.

An important Medium-risk vulnerability is CVE-2025-53847, which highlights a missing authentication issue in the CAPWAP daemon of FortiOS and FortiSwitchManager. This flaw, affecting FortiOS versions 7.4.8 to 7.6.3, is accessible without authentication from an internal network, necessitating prompt attention for segmented networks.

Additional Vulnerabilities and Mitigation Strategies

Other vulnerabilities include path traversal, cross-site scripting (XSS), and SQL injection risks. Notably, CVE-2026-25691 affects FortiSandbox’s vmimages delete feature, while CVE-2025-61886 presents a reflected XSS flaw in FortiSandbox’s interface.

Fortinet advises security teams to prioritize patches in descending order of severity and attack vector. Critical vulnerabilities in FortiSandbox should be addressed immediately, followed by high-risk flaws in FortiAnalyzer and FortiManager Cloud. All other vulnerabilities should be patched as soon as possible.

For detailed information on fixed versions, administrators are advised to consult Fortinet’s PSIRT portal and apply the necessary patches without delay. Keeping systems updated is crucial to maintaining network security and mitigating potential threats.

Cyber Security News Tags:critical flaws, Cybersecurity, FortiAnalyzer, FortiManager, Fortinet, FortiOS, FortiPAM, FortiProxy, FortiSandbox, FortiSwitchManager, network security, security advisory, security patch, software update, Vulnerabilities

Post navigation

Previous Post: Microsoft Resolves SharePoint Zero-Day and 160 More Flaws
Next Post: April 2026 Microsoft Patch Tuesday: Key Vulnerabilities

Related Posts

New Undectable Plague Malware Attacking Linux Servers to Gain Persistent SSH Access New Undectable Plague Malware Attacking Linux Servers to Gain Persistent SSH Access Cyber Security News
CISA Warns of Citrix RCE and Privilege Escalation Vulnerabilities Exploited in Attacks CISA Warns of Citrix RCE and Privilege Escalation Vulnerabilities Exploited in Attacks Cyber Security News
AI Vibe Coding Platform Hacked AI Vibe Coding Platform Hacked Cyber Security News
Server Leak Uncovers TheGentlemen Ransomware Toolkit Server Leak Uncovers TheGentlemen Ransomware Toolkit Cyber Security News
CISA Warns of OpenPLC ScadaBR File Upload Vulnerability Exploited in Attacks CISA Warns of OpenPLC ScadaBR File Upload Vulnerability Exploited in Attacks Cyber Security News
46,000+ Grafana Instances Exposed to Malicious Account Takeover Attacks 46,000+ Grafana Instances Exposed to Malicious Account Takeover Attacks Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Critical Vulnerability in Claude Extension Exposes Google Data
  • Adobe Releases Critical Security Updates for ColdFusion
  • LabubaRAT Disguises as NVIDIA Software to Infiltrate Systems
  • Turkish Banks Hit by Extensive Phishing and Scam Ads
  • Pentera Enhances AI Security with Validation Engines

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Critical Vulnerability in Claude Extension Exposes Google Data
  • Adobe Releases Critical Security Updates for ColdFusion
  • LabubaRAT Disguises as NVIDIA Software to Infiltrate Systems
  • Turkish Banks Hit by Extensive Phishing and Scam Ads
  • Pentera Enhances AI Security with Validation Engines

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark