Multiple Command Injection Vulnerabilities in Fortinet Products
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Fortinet has disclosed two critical vulnerabilities affecting its FortiAP and FortiMail products. The first, an OS Command Injection vulnerability in FortiAP, allows authenticated attackers to execute unauthorized commands via crafted CLI requests. The second, an SQL Injection vulnerability in FortiMail, similarly permits execution of unauthorized commands through specially crafted HTTP or HTTPS requests. Both vulnerabilities are classified under CWE-78 and CWE-89 respectively. They potentially allow privileged attackers to compromise systems if exploited. The vulnerabilities were initially published on May 12, 2026, and are currently under investigation. Users are advised to monitor for updates and apply patches as they become available.
Key Points: • Fortinet disclosed OS Command Injection and SQL Injection vulnerabilities on May 12, 2026. • Authenticated attackers can exploit these vulnerabilities to execute unauthorized commands. • Affected products include FortiAP and FortiMail, with potential for significant system compromise.