Skip to content
Threat Feed

Tag

Fortinet

7 briefs RSS
high advisory

Multiple Vulnerabilities in Fortinet FortiSandbox

Multiple vulnerabilities in Fortinet FortiSandbox allow attackers to perform cross-site scripting attacks, disclose information, bypass security measures, and execute arbitrary code, potentially leading to system compromise.

fortinet fortisandbox vulnerability xss code-execution
3r 3t
critical advisory

Fortinet FortiSandbox OS Command Injection Vulnerability (CVE-2026-39808)

Fortinet FortiSandbox versions 4.4.0 through 4.4.8 are vulnerable to OS Command Injection (CVE-2026-39808), potentially allowing unauthenticated attackers to execute arbitrary code or commands.

cve command-injection fortinet
2r 1t 1c 1i
high advisory

Fortinet FortiDDoS-F SQL Injection Vulnerability (CVE-2026-39815)

An SQL injection vulnerability (CVE-2026-39815) in Fortinet FortiDDoS-F versions 7.2.1 through 7.2.2 may allow a low-privilege attacker to execute unauthorized code or commands.

sqli fortinet cve-2026-39815
2r 3t 1c
critical advisory

Fortinet FortiSandbox Path Traversal Vulnerability (CVE-2026-39813)

A path traversal vulnerability (CVE-2026-39813) in Fortinet FortiSandbox versions 5.0.0 through 5.0.5 and 4.4.0 through 4.4.8 may allow an unauthenticated attacker to escalate privileges via '../filedir'.

path-traversal vulnerability privilege-escalation fortinet
2r 1t 1c 2i
high advisory

Fortinet FortiAnalyzer and FortiManager Cloud Heap-Based Buffer Overflow Vulnerability (CVE-2026-22828)

CVE-2026-22828 is a heap-based buffer overflow in Fortinet FortiAnalyzer and FortiManager Cloud versions 7.6.2 through 7.6.4, potentially allowing a remote unauthenticated attacker to execute arbitrary code with a significant preparation effort due to ASLR and network segmentation.

cve-2026-22828 fortinet heap-overflow cloud
2r 2t 1c
critical threat

Fortinet FortiClient EMS Unauthenticated Remote Code Execution via CVE-2026-35616

A critical vulnerability, CVE-2026-35616, exists in Fortinet FortiClient EMS (Endpoint Management Server) allowing unauthenticated attackers to bypass API authentication and authorization checks to execute arbitrary code or commands, potentially leading to full compromise of the EMS infrastructure.

exploited fortinet forticlient ems rce cve-2026-35616
2r 2t 1c
critical threat

Critical Vulnerability CVE-2026-35616 Exploited in FortiClient EMS

CVE-2026-35616, a critical vulnerability in FortiClient EMS, allows unauthenticated remote attackers to execute arbitrary code or commands via crafted API requests due to improper access control, with Fortinet confirming active exploitation.

exploited fortinet forticlient ems cve-2026-35616 vulnerability
2r 1t 1c