
Fortinet warns of critical RCE flaws in FortiSandbox and FortiAuthenticator

Bleeping Computer Archived May 12, 2026 ✓ Full text saved

Fortinet has released security patches for two critical vulnerabilities in FortiSandbox and FortiAuthenticator that could enable attackers to run commands or arbitrary code. [...]



By Sergiu Gatlan, May 12, 2026 02:23 PM

Fortinet has released security updates to address two critical vulnerabilities in FortiSandbox and FortiAuthenticator that could enable attackers to run commands or arbitrary code on unpatched systems.

The first one, tracked as CVE-2026-44277, impacts the company's FortiAuthenticator Identity and Access Management (IAM) solution and was patched in FortiAuthenticator versions 6.5.7, 6.6.9, and 8.0.3.

"An Improper Access Control vulnerability [CWE-284] in FortiAuthenticator may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests," Fortinet said in a Tuesday advisory.

The company added that FortiAuthenticator Cloud (formerly known as FortiTrust Identity), an Identity and Access Management as a Service (IDaaS) cloud service hosted and managed by Fortinet, is not impacted by the issue.

Today, Fortinet also addressed a missing authorization weakness (CVE-2026-26083) that can be exploited to achieve remote code execution on vulnerable FortiSandbox systems, which are designed to protect against malicious activity, including zero-day threats.

"A missing authorization vulnerability [CWE-862] in FortiSandbox, FortiSandbox Cloud and FortiSandbox PaaS WEB UI may allow an unauthenticated attacker to execute unauthorized code or commands via HTTP requests," it added.

While the company didn't tag these two security flaws as being exploited in the wild, Fortinet vulnerabilities are frequently exploited in ransomware and cyber-espionage attacks, often as zero-days.

For instance, in February, it addressed another critical vulnerability (CVE-2026-21643) in the FortiClient Enterprise Management Server (EMS) platform, which threat intelligence company Defused flagged as actively exploited one month later.

More recently, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies in early April to secure FortiClient Enterprise Management Server (EMS) instances against an actively exploited authentication bypass flaw (CVE-2026-35616).

In total, CISA has added 24 Fortinet vulnerabilities to its catalog of actively exploited security flaws in recent years, 13 of which were also abused in ransomware attacks.