Fortinet Patches Critical FortiSandbox Vulnerabilities
The flaws could allow attackers to bypass authentication or execute arbitrary code or commands via HTTP requests. The post Fortinet Patches Critical FortiSandbox Vulnerabilities appeared first on SecurityWeek.
Fortinet on Tuesday released 26 advisories detailing 27 vulnerabilities across its products, including two critical-severity flaws in FortiSandbox.
Tracked as CVE-2026-39813, the first of the critical bugs impacts the FortiSandbox JRPC API and could allow attackers to bypass authentication.
The second one, tracked as CVE-2026-39808, is an OS command injection issue that can be exploited for arbitrary code or command execution.
Source: https://www.securityweek.com/fortinet-patches-critical-fortisandbox-vulnerabilities/
Related breach coverage
- Ivanti Patches Exploited EPMM Zero-Days2026-01-30
The critical-severity vulnerabilities could allow unauthenticated attackers to execute arbitrary code remotely. The post Ivanti Patches Exploited EPMM Zero-Days appeared first on SecurityWeek.
- SAP Patches Critical Flaws in SQL Anywhere Monitor, Solution Manager2025-11-11
Hardcoded credentials in SQL Anywhere Monitor could allow attackers to execute arbitrary code on vulnerable deployments. The post SAP Patches Critical Flaws in SQL Anywhere Monitor, Solution Manager appeared first on SecurityWeek.
- Cisco Patches Critical Vulnerabilities in Contact Center Appliance2025-11-06
The flaws allow attackers to execute arbitrary code remotely and elevate their privileges to root on an affected system. The post Cisco Patches Critical Vulnerabilities in Contact Center Appliance appeared first on SecurityWeek.
- Exploitation of Critical Fortinet FortiClient EMS Flaw Begins2026-03-31
The SQL injection vulnerability allows unauthenticated attackers to execute arbitrary code remotely, via crafted HTTP requests. The post Exploitation of Critical Fortinet FortiClient EMS Flaw Begins appeared first on SecurityWeek.