FortiSandbox Security Patch Released by Fortinet, Fixes Critical Vulnerability

Vaibhav April 15, 2026
FortiSandbox-Security-Patch-Released-by-Fortinet-Fixes-Critical-Vulnerability
Post Views: 6

Fortinet Issues 26 Security Advisories Fixing 27 Vulnerabilities

Fortinet has recently released 26 security advisories addressing 27 vulnerabilities across its product line.

Critical Flaws Discovered in FortiSandbox

Two critical-severity flaws were discovered in FortiSandbox, impacting the JRPC API and potentially allowing attackers to bypass authentication. A second critical bug, identified as CVE-2026-39808, involves an operating system command injection vulnerability that enables arbitrary code or command execution.

According to Fortinet, both vulnerabilities have a Common Vulnerability Scoring System (CVSS) rating of 9.1 and can be exploited without authentication via specially crafted HTTP requests.

Vulnerability in FortiAnalyzer Cloud

A high-severity buffer overflow vulnerability was discovered in FortiAnalyzer Cloud (CVE-2026-22828), which could result in remote code execution or arbitrary command execution. However, successful exploitation would require significant effort due to Address Space Layout Randomization (ASLR) and network segmentation.

SQL Injection Vulnerabilities in FortiDDoS-F and FortiClientEMS

Fortinet also patched two high-severity SQL injection vulnerabilities in FortiDDoS-F and FortiClientEMS. These flaws can be exploited via crafted requests to run arbitrary SQL queries on the database, requiring authentication.

Additional Patches for Medium- and Low-Severity Issues

Fortinet also addressed various other security defects, including medium- and low-severity issues related to service discovery, cross-site scripting (XSS) attacks, code execution, information disclosure, path traversal attacks, file write and deletion, user redirects, configuration tampering, denial-of-service (DoS) attacks, database dump decryption, credential leaks, authentication bypass, and arbitrary directory deletion.

None of the patched vulnerabilities have been exploited in the wild, according to Fortinet, and additional information can be found on the company’s Product Security Incident Response Team (PSIRT) advisories page.



About Author

Vaibhav

See author's posts

More Stories

EU-Mandates-Coordinated-Vulnerability-Disclosure-A-Cultural-Shift-Ahead

EU Mandates Coordinated Vulnerability Disclosure: A Cultural Shift Ahead

Vaibhav April 15, 2026
Global-Vulnerability-Alert-Sophisticated-Adobe-Reader-Exploit-Identified

Global Vulnerability Alert: Sophisticated Adobe Reader Exploit Identified

Vaibhav April 11, 2026
Suspected-Anodot-Data-Breach-Impacts-Snowflake-Customers

Suspected Anodot Data Breach Impacts Snowflake Customers

Vaibhav April 8, 2026

Latest Cyber Security News

Not-All-CISO-Roles-Are-Equally-Demanding-and-Challenging-Insights-from-ESET-Mimecast-at-RSAC

Not All CISO Roles Are Equally Demanding and Challenging: Insights from ESET, Mimecast at RSAC

Vaibhav April 15, 2026
Sitehops-SAFEcore-Edge-Offers-Ultra-Low-Latency-Post-Quantum-Encryption-Solutions

Sitehops SAFEcore Edge Offers Ultra-Low Latency Post Quantum Encryption Solutions

Vaibhav April 15, 2026
IPL-Ticket-Scam-Woman-Loses-52-500-Using-Fake-QR-Codes-in-Bengaluru

IPL Ticket Scam: Woman Loses ₹52,500 Using Fake QR Codes in Bengaluru

Vaibhav April 15, 2026
India-s-Largest-Cryptocurrency-Scandal-Worth-17-000-Crore

India’s Largest Cryptocurrency Scandal Worth ₹17,000 Crore

Vaibhav April 15, 2026
Microsoft-Resolves-Critical-Bug-Affecting-Automatic-Windows-Server-2025-Updates

Microsoft Resolves Critical Bug Affecting Automatic Windows Server 2025 Updates

Vaibhav April 15, 2026
en_USEnglish
en_USEnglish