Fortinet announced on Tuesday the release of 26 security advisories addressing 27 vulnerabilities within its product line, notably highlighting two critical flaws in the FortiSandbox system.
Details of Critical Vulnerabilities
The first significant vulnerability, identified as CVE-2026-39813, affects the FortiSandbox JRPC API. This flaw could potentially enable attackers to bypass authentication protocols. Meanwhile, the second critical issue, CVE-2026-39808, involves an OS command injection vulnerability that may allow unauthorized code execution.
Both identified vulnerabilities have been assigned a CVSS score of 9.1, indicating their severe impact. These can be exploited without user authentication, utilizing specially crafted HTTP requests.
Other Notable Security Updates
In addition to the FortiSandbox issues, Fortinet has also patched CVE-2026-22828, a high-severity buffer overflow problem found in FortiAnalyzer Cloud. Like the others, this vulnerability can be exploited without authentication, potentially leading to remote code execution.
According to Fortinet, exploiting this buffer overflow would require significant effort due to address space layout randomization (ASLR) and network segmentation. The vulnerability is limited to scenarios where attackers gain access to another cloud component within the same network.
Addressing Additional Security Flaws
Fortinet further tackled two high-severity SQL injection vulnerabilities in FortiDDoS-F and FortiClientEMS. These flaws necessitate authentication and can be exploited via crafted requests to execute arbitrary SQL queries.
The remaining vulnerabilities addressed range from medium to low severity, encompassing issues like service discovery, cross-site scripting (XSS) attacks, code execution, and information disclosure, among others. These were addressed as a part of Fortinet’s ongoing commitment to security improvements.
Fortinet has not reported any instances of these vulnerabilities being actively exploited. Further details can be accessed via the company’s official PSIRT advisories page.
Conclusion
By addressing these critical vulnerabilities, Fortinet reaffirms its dedication to maintaining robust security across its product offerings. Users are encouraged to apply these patches promptly to safeguard their systems from potential threats.
