{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/fortisandbox-paas-21.3/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["FortiAuthenticator (8.0.2)","FortiAuthenticator (8.0.0)","FortiAuthenticator (6.6.0 to 6.6.8)","FortiAuthenticator (6.5.0 to 6.5.6)","FortiOS (7.6.0 to 7.6.3)","FortiOS (7.4.0 to 7.4.8)","FortiOS (7.2.0 to 7.2.11)","FortiSandbox (5.0.0 to 5.0.1)","FortiSandbox (4.4.0 to 4.4.8)","FortiSandbox Cloud 24","FortiSandbox Cloud 23","FortiSandbox Cloud 5.0 (5.0.2 to 5.0.5)","FortiSandbox PaaS 23.4","FortiSandbox PaaS 23.3","FortiSandbox PaaS 23.1","FortiSandbox PaaS 22.2","FortiSandbox PaaS 22.1","FortiSandbox PaaS 21.4","FortiSandbox PaaS 21.3","FortiSandbox PaaS 5.0 (5.0.0 to 5.0.1)","FortiSandbox PaaS 4.4 (4.4.5 to 4.4.8)"],"_cs_severities":["high"],"_cs_tags":["fortinet","vulnerability","patch"],"_cs_type":"advisory","_cs_vendors":["Fortinet"],"content_html":"\u003cp\u003eOn May 12, 2026, Fortinet issued multiple security advisories addressing vulnerabilities found within its FortiAuthenticator, FortiOS, and FortiSandbox product lines. These advisories detail critical vulnerabilities such as improper access control on API endpoints, incorrect global authorization, and out-of-bounds memory access, potentially leading to unauthorized access or denial-of-service conditions. The affected products and versions include a range of releases, including FortiAuthenticator (versions 6.5.0 to 8.0.2), FortiOS (versions 7.2.0 to 7.6.3), and FortiSandbox (versions 4.4.0 to Cloud 24). Defenders should promptly review the advisories and apply the provided updates to mitigate potential risks.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003cp\u003eGiven the nature of the vulnerabilities (improper access control, incorrect authorization, and out-of-bounds access), the following represents a generalized attack chain:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eReconnaissance:\u003c/strong\u003e Attacker identifies a vulnerable Fortinet appliance exposed to the network.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eInitial Access:\u003c/strong\u003e Exploiting an improper access control vulnerability (FG-IR-26-128) to gain unauthorized access to API endpoints.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePrivilege Escalation:\u003c/strong\u003e Leveraging an incorrect global authorization vulnerability (FG-IR-26-136) to escalate privileges within the system.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eLateral Movement (Conditional):\u003c/strong\u003e Depending on the configuration and network segmentation, the attacker may be able to use their elevated privileges to move laterally within the network.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eOut-of-bounds Access:\u003c/strong\u003e Triggering an out-of-bounds memory access in the CAPWAP daemon (FG-IR-26-123), potentially leading to denial of service or information disclosure.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eData Exfiltration or System Compromise:\u003c/strong\u003e Using the compromised system to exfiltrate sensitive data or further compromise other systems on the network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of these vulnerabilities could allow attackers to gain unauthorized access to sensitive data, escalate privileges within the network, or cause denial-of-service conditions. The widespread use of Fortinet products across various sectors means a successful attack could impact numerous organizations.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately apply the updates provided in the Fortinet security advisories (\u003ca href=\"https://www.fortiguard.com/psirt?filter=1\u0026amp;version=\u0026amp;severity=5\u0026amp;severity=4\u0026amp;severity=3\u0026amp;severity=2\"\u003ehttps://www.fortiguard.com/psirt\u003c/a\u003e) to address the vulnerabilities in FortiAuthenticator, FortiOS, and FortiSandbox.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for unusual activity related to Fortinet appliances, and deploy the Sigma rule below to detect unauthorized access attempts to API endpoints.\u003c/li\u003e\n\u003cli\u003eReview access control policies and authentication mechanisms on Fortinet appliances to ensure proper security configurations.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-12T19:05:51Z","date_published":"2026-05-12T19:05:51Z","id":"https://feed.craftedsignal.io/briefs/2026-05-fortinet-multiple-vulnerabilities/","summary":"Fortinet released security advisories on May 12, 2026, addressing critical vulnerabilities including improper access control, incorrect global authorization, and out-of-bounds access across FortiAuthenticator, FortiOS, and FortiSandbox product lines, urging users to apply necessary updates.","title":"Fortinet Patches Multiple Vulnerabilities in FortiAuthenticator, FortiOS, and FortiSandbox","url":"https://feed.craftedsignal.io/briefs/2026-05-fortinet-multiple-vulnerabilities/"}],"language":"en","title":"CraftedSignal Threat Feed — FortiSandbox PaaS 21.3","version":"https://jsonfeed.org/version/1.1"}