Fortinet Product Security Update Advisory

Overview


Fortinet has released a security update that addresses vulnerabilities in its products. Users of the affected products should update to the latest version.

Vulnerabilities Addressed


  • CVE-2026-26083: A missing authentication vulnerability in the web UI of FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS.
  • CVE-2026-44277: An improper access control vulnerability in FortiAuthenticator.

Affected Products


  • CVE-2026-26083 affects:
    • FortiSandbox 5.0.0 and later and 5.0.1 and earlier.
    • FortiSandbox 4.4.0 and earlier and 4.4.8 and earlier.
    • All versions of FortiSandbox Cloud 24.
    • All versions of FortiSandbox Cloud 23.
    • FortiSandbox Cloud 5.0.2 or later and 5.0.5 or earlier.
    • All versions of FortiSandbox PaaS 23.4, 23.3, 23.1, 22.2, 22.1, 21.4, 21.3.
    • FortiSandbox PaaS 5.0.0 or later and 5.0.1 or earlier.
    • FortiSandbox PaaS 4.4.5 or later and 4.4.8 or earlier.
  • CVE-2026-44277 affects:
    • FortiAuthenticator 8.0.2.
    • FortiAuthenticator 8.0.0.
    • FortiAuthenticator 6.6.0 and later and 6.6.8 and earlier.
    • FortiAuthenticator 6.5.0 or later and 6.5.6 or earlier.

Fix Version


  • CVE-2026-26083:
    • FortiSandbox 5.0.2 or later.
    • FortiSandbox 4.4.9 and later.
    • FortiSandbox Cloud 24 and 23 migrated to the corrected release.
    • FortiSandbox Cloud 5.0.6 and later.
    • FortiSandbox PaaS 23.4, 23.3, 23.1, 22.2, 22.1, 21.4, and 21.3 migrated to a revised release.
    • FortiSandbox PaaS 5.0.2 and later.
    • FortiSandbox PaaS 4.4.9 and later.
  • CVE-2026-44277:
    • FortiAuthenticator 8.0.3 and later.
    • FortiAuthenticator 6.6.9 and later.
    • FortiAuthenticator 6.5.7 or later.

Note


The FortiGuard Fortinet PSIRT bulletins FG-IR-26-136 and FG-IR-26-128 are listed as reference sites.