Fortinet Releases Critical Security Patches for 11 Vulnerabilities
Given the severity and impact of these flaws, it is essential for organizations to act quickly to safeguard their networks and prevent potential breaches or unauthorized access.
The vulnerabilities were coordinated by the Fortinet Product Security Incident Response Team (PSIRT), showcasing the company’s proactive stance on identifying and resolving security threats.
Among the patched issues are two critical vulnerabilities that demand immediate attention from network administrators and security teams:
Critical Vulnerabilities Pose Serious Risk to Enterprise Networks
The most pressing threats include:
- OS Command Injection (CVE-2026-39808): A critical flaw found in the FortiSandbox and FortiSandbox PaaS API endpoint enables unauthenticated attackers to run arbitrary OS commands. This vulnerability arises from improper neutralization of special elements and could allow full system compromise. More details can be found in a similar vulnerability analysis.
- Authentication Bypass and Privilege Escalation (CVE-2026-39813): Located within the FortiSandbox JRPC API, this path traversal vulnerability allows unauthenticated attackers to bypass authentication and escalate privileges. It poses a serious risk to internal systems and could lead to unauthorized administrative access. See a related Citrix vulnerability post for comparative context.
The remaining nine vulnerabilities range in severity from high to low:
- Heap-based buffer overflows like CVE-2026-22828 in the FortiAnalyzer and FortiManager Cloud oftpd daemon, which can cause system crashes or code execution.
- Medium-severity path traversal flaws such as CVE-2025-68649 and CVE-2025-61624, along with stored and reflected Cross-Site Scripting (XSS) and SQL injection vulnerabilities.
- Missing authentication for critical functions like CVE-2025-53847, which affects FortiOS and FortiSwitchManager and leaves systems exposed to unauthenticated internal threats.
Comprehensive List of Addressed Vulnerabilities
The following table outlines all 11 vulnerabilities addressed in the Fortinet PSIRT advisories released on April 14, 2026:
| CVE ID | Vulnerability Description | Affected Products | Severity | Attack Type |
|---|---|---|---|---|
| CVE-2026-39808 | OS Command Injection through API endpoint | FortiSandbox, FortiSandbox PaaS | Critical | Unauthenticated |
| CVE-2026-39813 | Unauthenticated Authentication bypass and Privilege escalation | FortiSandbox | Critical | Unauthenticated |
| CVE-2026-22828 | Heap-based buffer overflow in oftpd daemon | FortiAnalyzer Cloud, FortiManager Cloud | High | Unauthenticated |
| CVE-2026-25691 | Arbitrary directory delete on vmimages delete feature | FortiSandbox, FortiSandbox Cloud, FortiSandbox PaaS | Medium | Authenticated |
| CVE-2025-53847 | Missing Authentication for critical function in CAPWAP daemon | FortiOS, FortiSwitchManager | Medium | Unauthenticated |
| CVE-2026-39812 | Multiple Stored XSS | FortiSandbox, FortiSandbox PaaS | Medium | Authenticated |
| CVE-2025-68649 | Path Traversal in CLI | FortiAnalyzer, FortiManager | Medium | Authenticated |
| CVE-2025-61624 | Path Traversal in CLI | FortiOS, FortiPAM, FortiProxy, FortiSwitchManager | Medium | Authenticated |
| CVE-2025-61886 | Reflected XSS in Operation Center | FortiSandbox, FortiSandbox PaaS | Medium | Unauthenticated |
| CVE-2025-61848 | SQL Injection via JSON RPC API | FortiAnalyzer, FortiManager | Medium | Authenticated |
| CVE-2026-27316 | Credential disclosure in LDAP configuration web page | FortiSandbox, FortiSandbox PaaS | Low | Authenticated |
Organizations are strongly encouraged to review the official Fortinet PSIRT advisories and apply the latest patches to their systems as soon as possible. Recommended mitigation steps include:
- Upgrading Firmware: Apply the latest patched firmware versions for all affected Fortinet products.
- Monitoring Logs: Regularly check system logs and monitor network traffic for signs of exploitation attempts targeting vulnerable API endpoints.
- Restricting Access: Limit external access to sensitive management interfaces and enforce strict access controls.
For a seamless transition to patched versions, administrators should use the official Fortinet Upgrade Path Tool to ensure system stability during the update process.