Critical Remote Code Execution Vulnerabilities in Fortinet Products

Severity: High (Score: 74.0)

Sources: Bleepingcomputer, fortiguard.fortinet.com, Cisecurity, Cybersecuritynews

Summary

On May 12, 2026, Fortinet disclosed multiple critical vulnerabilities in its FortiSandbox and FortiAuthenticator products that could allow unauthenticated attackers to execute arbitrary code remotely. The vulnerabilities are identified as CVE-2026-44277 and CVE-2026-26083, with the latter affecting FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS. These flaws stem from improper access control and missing authorization, respectively. Fortinet has released patches for these vulnerabilities, urging users to update their systems immediately. While there are currently no reports of exploitation in the wild, the potential for remote code execution poses a significant risk to organizations using these products. The vulnerabilities could allow attackers to install programs, view or modify data, and create new accounts with full user rights. Security professionals are advised to apply the available hotfixes and monitor their systems for any suspicious activity. Key Points: • Fortinet disclosed critical RCE vulnerabilities in FortiSandbox and FortiAuthenticator. • CVE-2026-44277 and CVE-2026-26083 allow unauthenticated remote code execution. • Patches are available, and users are urged to update their systems immediately.

Key Entities

• Zero-day Exploit (attack_type)
• Fortinet (company)
• CVE-2026-21643 (cve)
• CVE-2026-26083 (cve)
• CVE-2026-35616 (cve)
• CVE-2026-44277 (cve)
• CWE-287 - Improper Authentication (cwe)
• CWE-862 - Missing Authorization (cwe)
• T1190 - Exploit Public-Facing Application (mitre_attack)
• FortiAP (platform)
• FortiAuthenticator (platform)
• FortiAuthenticator Cloud (platform)
• FortiOS (platform)
• FortiSandbox (platform)