Multiple Vulnerabilities Discovered in Fortinet Products
Severity: Medium (Score: 54.3)
Sources: fortiguard.fortinet.com
Summary
Fortinet has disclosed two vulnerabilities affecting its products. The first, an OS command injection vulnerability (CWE-78) in FortiAP, allows an authenticated, privileged attacker to execute unauthorized commands via crafted CLI requests. The second, an SQL injection vulnerability (CWE-89) in FortiMail, allows an attacker to execute unauthorized code via crafted HTTP or HTTPS requests. Both vulnerabilities were published on May 12, 2026. No CVE identifiers were given in the source articles; the issues are classified only by their CWE. At the time of publication there were no reports of active exploitation. The authentication and privilege precondition on the FortiAP issue lowers but does not remove the risk, since stolen administrator credentials or an insider supply that access; the FortiMail issue is reachable over the web interface and should be treated as higher exposure. Organizations running FortiAP (including FortiAP-U and FortiAP-W2) or FortiMail are advised to assess their exposure, restrict administrative and web-interface access to trusted networks, and apply the mitigations Fortinet provides.

Key Points:
• Fortinet disclosed an OS command injection (CWE-78) vulnerability in FortiAP and an SQL injection (CWE-89) vulnerability in FortiMail.
• The FortiAP flaw requires an authenticated, privileged attacker with CLI access; the FortiMail flaw is triggered by crafted HTTP or HTTPS requests.
• Organizations are urged to assess their systems and implement mitigations.
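The following is an added illustration of the two weakness classes named in the advisory, CWE-78 (OS command injection) and CWE-89 (SQL injection), each shown as a deliberately vulnerable handler beside its hardened form. It is example code written for this page, not Fortinet code, and it says nothing about how the FortiAP or FortiMail flaws are actually reached. The handler names, the in-memory users table, the use of echo as a stand-in for a diagnostic command, and the attacker inputs are all constructed for the demonstration.

```python
"""CWE-78 and CWE-89 side by side: vulnerable handler, then hardened handler.

Hypothetical example code; the names below (run_diag_*, lookup_user_*) are
invented for this demonstration and do not describe any Fortinet product.
"""
import re
import sqlite3
import subprocess
from typing import List, Tuple

# ---- CWE-78: OS command injection in a CLI-style diagnostic handler ----

# Conservative allow-list for a hostname or IPv4 literal (assumption: the
# feature only ever needs these characters).
HOST_RE = re.compile(r"[A-Za-z0-9.\-]{1,253}")


def run_diag_vulnerable(host: str) -> str:
    """Deliberately vulnerable: the caller-supplied host is pasted into a
    shell string, so ';', '&&' or '$(...)' break out of the intended command.
    'echo' stands in for a real diagnostic binary such as ping."""
    cmd = f"echo {host}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_diag_hardened(host: str) -> str:
    """Hardened: validate against the allow-list, then pass an argument
    vector so no shell ever parses the value. Rejects rather than sanitises."""
    if not HOST_RE.fullmatch(host):
        raise ValueError(f"rejected host argument: {host!r}")
    return subprocess.run(["echo", host], capture_output=True, text=True).stdout


# ---- CWE-89: SQL injection in an HTTP-style user lookup ----

def make_db() -> sqlite3.Connection:
    """Constructed sample data: an in-memory table with two accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT NOT NULL, role TEXT NOT NULL)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    conn.commit()
    return conn


def lookup_user_vulnerable(conn: sqlite3.Connection, name: str) -> List[Tuple[str, str]]:
    """Deliberately vulnerable: the request parameter is interpolated into
    the statement text, so a quote in the input rewrites the WHERE clause."""
    sql = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_user_hardened(conn: sqlite3.Connection, name: str) -> List[Tuple[str, str]]:
    """Hardened: a parameterised query. The driver sends the value separately
    from the statement, so it can never change the query's structure."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


if __name__ == "__main__":
    # Constructed attacker inputs for each weakness class.
    injected_host = "10.0.0.1; echo INJECTED"
    injected_name = "' OR '1'='1"

    print("CWE-78 vulnerable output:", repr(run_diag_vulnerable(injected_host)))
    try:
        run_diag_hardened(injected_host)
    except ValueError as exc:
        print("CWE-78 hardened:", exc)

    db = make_db()
    print("CWE-89 vulnerable rows:", lookup_user_vulnerable(db, injected_name))
    print("CWE-89 hardened rows:  ", lookup_user_hardened(db, injected_name))
```

Run stand-alone, the vulnerable diagnostic handler prints two lines (the second produced by the injected command) while the hardened one refuses the argument, and the vulnerable lookup returns every row while the parameterised one returns none. The two hardened forms share the same principle: keep data out of the interpreter's syntax (argument vectors for the OS, bound parameters for SQL) and reject input that fails a tight allow-list rather than trying to strip dangerous characters.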
Key Entities
- OS Command Injection (vulnerability)
- SQL Injection (attack_type)
- CWE-78 - OS Command Injection (cwe)
- CWE-89 - SQL Injection (cwe)
- T1059 - Command and Scripting Interpreter (mitre_attack)
- FortiAP (platform)
- FortiAP-U (platform)
- FortiAP-W2 (platform)
- FortiMail (platform)