Tag
Multiple Critical Vulnerabilities in Fortinet Products Lead to RCE and Data Exposure
2 rules 4 TTPs 3 CVEs 6 IOCsMultiple critical vulnerabilities (CVE-2025-67862, CVE-2026-25089, CVE-2026-49938) have been discovered across Fortinet products including FortiOS, FortiPortal, FortiProxy, and FortiSandbox, enabling unauthenticated attackers to achieve remote arbitrary code execution and compromise data confidentiality.
Fortinet FortiAnalyzer and FortiManager Vulnerability Allows Denial of Service
2 rules 1 TTPA remote, authenticated attacker can exploit a vulnerability in Fortinet FortiAnalyzer and FortiManager to perform a denial-of-service attack, disrupting normal operations.
Fortinet FortiSandbox Vulnerability Allows Remote Code Execution
2 rules 1 TTPA remote, anonymous attacker can exploit a vulnerability in Fortinet FortiSandbox to execute arbitrary program code, potentially leading to system compromise.
Fortinet FortiOS Privilege Escalation Vulnerability
2 rules 1 TTPAn authenticated remote attacker can exploit a vulnerability in Fortinet FortiOS to escalate their privileges.
Multiple Vulnerabilities in Fortinet Products Could Allow for Remote Code Execution
2 rules 1 TTPMultiple vulnerabilities in Fortinet's FortiAuthenticator and FortiSandbox products could lead to remote code execution, potentially allowing attackers to install programs, modify data, or create new accounts.
Fortinet Patches Multiple Vulnerabilities in FortiAuthenticator, FortiOS, and FortiSandbox
2 rulesFortinet released security advisories on May 12, 2026, addressing critical vulnerabilities including improper access control, incorrect global authorization, and out-of-bounds access across FortiAuthenticator, FortiOS, and FortiSandbox product lines, urging users to apply necessary updates.
Multiple Vulnerabilities in Fortinet FortiSandbox
3 rules 3 TTPsMultiple vulnerabilities in Fortinet FortiSandbox allow attackers to perform cross-site scripting attacks, disclose information, bypass security measures, and execute arbitrary code, potentially leading to system compromise.
Fortinet FortiSandbox OS Command Injection Vulnerability (CVE-2026-39808)
2 rules 1 TTP 1 CVEFortinet FortiSandbox versions 4.4.0 through 4.4.8 are vulnerable to OS Command Injection (CVE-2026-39808), potentially allowing unauthenticated attackers to execute arbitrary code or commands.
Fortinet FortiDDoS-F SQL Injection Vulnerability (CVE-2026-39815)
2 rules 3 TTPs 1 CVEAn SQL injection vulnerability (CVE-2026-39815) in Fortinet FortiDDoS-F versions 7.2.1 through 7.2.2 may allow a low-privilege attacker to execute unauthorized code or commands.
Fortinet FortiSandbox Path Traversal Vulnerability (CVE-2026-39813)
2 rules 1 TTP 1 CVEA path traversal vulnerability (CVE-2026-39813) in Fortinet FortiSandbox versions 5.0.0 through 5.0.5 and 4.4.0 through 4.4.8 may allow an unauthenticated attacker to escalate privileges via '../filedir'.
Fortinet FortiAnalyzer and FortiManager Cloud Heap-Based Buffer Overflow Vulnerability (CVE-2026-22828)
2 rules 2 TTPs 1 CVECVE-2026-22828 is a heap-based buffer overflow in Fortinet FortiAnalyzer and FortiManager Cloud versions 7.6.2 through 7.6.4, potentially allowing a remote unauthenticated attacker to execute arbitrary code with a significant preparation effort due to ASLR and network segmentation.
Fortinet FortiClient EMS Unauthenticated Remote Code Execution via CVE-2026-35616
2 rules 2 TTPs 1 CVEA critical vulnerability, CVE-2026-35616, exists in Fortinet FortiClient EMS (Endpoint Management Server) allowing unauthenticated attackers to bypass API authentication and authorization checks to execute arbitrary code or commands, potentially leading to full compromise of the EMS infrastructure.
Critical Vulnerability CVE-2026-35616 Exploited in FortiClient EMS
2 rules 1 TTP 1 CVECVE-2026-35616, a critical vulnerability in FortiClient EMS, allows unauthenticated remote attackers to execute arbitrary code or commands via crafted API requests due to improper access control, with Fortinet confirming active exploitation.