

FortiOS, FortiAP, FortiAP-W2, FortiAP-U, FortiSandbox, FortiSandbox Cloud/PaaS, FortiAnalyzer, and FortiManager deployments.
Five CVEs enabling RCE, privilege escalation, auth bypass, OS command injection, and denial-of-service conditions.
Vulnerabilities disclosed 12–13 May 2026; no confirmed active exploitation reported at time of publication.
Network-accessible management interfaces, CLI, capwap daemon, and web UI across multiple Fortinet product lines.
Out-of-bounds write, OS command injection, missing authorisation, dangerous function use, and improper input neutralisation flaws.
Authenticated or unauthenticated attackers send crafted HTTP/CLI requests to trigger vulnerable code paths and gain control.
Successful exploitation allows full system compromise, data modification, config alteration, and administrative account creation.
High risk to large/medium government and business entities; network security infrastructure could be fully undermined.
Apply Fortinet patches immediately; upgrade affected versions or migrate to fixed releases per vendor guidance.
Audit Fortinet device logs, enforce least privilege, segment networks, enable exploit protection, and conduct vulnerability scans.
Fortinet PSIRT advisories: FG-IR-26-123, FG-IR-26-133, FG-IR-26-136, FG-IR-26-137, FG-IR-26-131. CVEs: CVE-2025-53844, CVE-2025-53870, CVE-2026-26083, CVE-2025-67604, CVE-2025-53680.




