- Fortinet has released security updates that address multiple vulnerabilities in its products.
- The affected products are FortiAnalyzer Cloud, FortiManager Cloud, FortiSandbox, and FortiDDoS-F.
- CVE-2026-22828 is a buffer overflow vulnerability in FortiAnalyzer Cloud and FortiManager Cloud. Affected versions are FortiAnalyzer Cloud 7.6.2 and earlier and 7.6.4 and earlier, and FortiManager Cloud 7.6.2 and earlier and 7.6.4 and earlier.
- CVE-2026-39808 is an OS command injection vulnerability in FortiSandbox. Affected versions are 4.4.0 and later and 4.4.8 and earlier.
- CVE-2026-39813 is an authentication bypass and privilege escalation vulnerability in FortiSandbox. Affected versions are 5.0.0 and earlier and 5.0.5 and earlier, and 4.4.0 and earlier and 4.4.8 and earlier.
- CVE-2026-39815 is a SQL injection (database query injection) vulnerability in FortiDDoS-F. Affected versions are 7.2.1 and later and 7.2.2 and earlier.
- A patch was made available through the latest update, and Fortinet advised customers to follow the instructions on the reference site to update to the latest patched version.
- The patched versions are: for CVE-2026-22828, FortiAnalyzer Cloud 7.6.5 and later and FortiManager Cloud 7.6.5 and later; for CVE-2026-39808, FortiSandbox 4.4.9 or later; for CVE-2026-39813, FortiSandbox 5.0.6 or later and 4.4.9 or later; for CVE-2026-39815, FortiDDoS-F 7.2.3 or later.