Home/Tag/Fortinet

Fortinet

14 articles tagged with "Fortinet"

Vulnerabilities4 min read

Fortinet Patches Critical RCE in FortiSandbox, FortiAuthenticator

Fortinet discloses CVE-2026-44277 and CVE-2026-26083, unauthenticated RCE flaws affecting FortiSandbox and FortiAuthenticator. Patch now before attackers weaponize these.

Marcus ChenMay 12, 2026

Vulnerabilities3 min read

FortiSandbox Auth Bypass and RCE Flaws Score CVSS 9.1

Fortinet patches two critical FortiSandbox vulnerabilities allowing unauthenticated attackers to bypass authentication and execute code. Upgrade to 4.4.9 or 5.0.6 immediately.

Marcus ChenApr 18, 2026

Vulnerabilities4 min read

CISA Orders Feds to Patch FortiClient EMS Flaw by Thursday

CISA adds CVE-2026-35616 to KEV catalog with April 9 deadline for federal agencies. Nearly 2,000 FortiClient EMS instances remain exposed as exploitation continues.

Marcus ChenApr 6, 2026

Vulnerabilities5 min read

FortiClient EMS Zero-Day Under Active Exploit — Patch Now

CVE-2026-35616 lets attackers bypass API authentication in FortiClient EMS 7.4.5-7.4.6 for unauthenticated RCE. Exploitation began March 31. Emergency hotfixes available.

Marcus ChenApr 5, 2026

Vulnerabilities4 min read

Attackers Exploiting FortiClient EMS SQLi Flaw in the Wild

CVE-2026-21643 exploitation began March 26, six weeks after Fortinet's patch. Around 1,000 internet-exposed EMS instances remain vulnerable to unauthenticated RCE.

Marcus ChenMar 31, 2026

Vulnerabilities3 min read

Fortinet Patches 11 Flaws in FortiManager, FortiAnalyzer, FortiSandbox

Fortinet's March 2026 security advisory addresses 11 vulnerabilities including auth bypass, SQL injection, and buffer overflow flaws affecting enterprise management products.

Marcus ChenMar 22, 2026

Vulnerabilities3 min read

Fortinet Patches Critical SQLi-to-RCE Flaw in FortiClientEMS

CVE-2026-21643 allows unauthenticated attackers to chain SQL injection with command execution in FortiClient EMS. CVSS 9.8 affects version 7.4.4—upgrade to 7.4.5 immediately.

Marcus ChenFeb 12, 2026

Vulnerabilities4 min read

Fortinet FortiCloud SSO Zero-Day Exploited to Hijack Firewalls

CVE-2026-24858 allows attackers with FortiCloud accounts to log into other organizations' FortiGate devices. Patches rolling out now.

Marcus ChenJan 28, 2026

Vulnerabilities4 min read

FortiGate Patch Fails: Attackers Still Exploiting SSO Bypass

Arctic Wolf reports automated attacks creating rogue admin accounts on supposedly patched FortiGate devices. Fortinet acknowledges incomplete fix.

Marcus ChenJan 23, 2026

Vulnerabilities3 min read

FortiSIEM RCE Flaw Lets Attackers Gain Root Without Auth

CVE-2025-64155 in Fortinet's SIEM product enables unauthenticated command injection via phMonitor service. CVSS 9.4, patches now available.

Marcus ChenJan 14, 2026

Security Guides6 min read

Auth Bypass in Network Appliances: A Pattern Emerges

From Fortinet to SonicWall, authentication bypass vulnerabilities share common traits. Understanding these patterns helps security teams prioritize patching.

Emily ParkJan 10, 2026

Malware4 min read

New 'Brutus' Brute-Force Tool Targets Fortinet on Dark Web

A threat actor called RedTeam is selling a $1,500 credential-stuffing tool with built-in scanning, proxy rotation, and multi-protocol support aimed at enterprise VPN infrastructure.

James RiveraJan 7, 2026

Vulnerabilities4 min read

Fortinet Warns 5-Year-Old FortiOS 2FA Bypass Is Under Active Attack

CVE-2020-12812 allows attackers to bypass two-factor authentication on FortiGate devices by simply changing username case. Fortinet issued fresh advisory on December 25.

Marcus ChenDec 25, 2025

Vulnerabilities3 min read

Critical Fortinet FortiGate Auth Bypass Under Active Exploitation

Two critical CVSS 9.8 vulnerabilities in FortiGate devices are being actively exploited just days after patch release. Attackers targeting SSO authentication.

Marcus ChenDec 16, 2025