Fortinet Patch Tuesday – May 2026
Overview Fortinet published 11 advisories on Patch Tuesday describing as many bugs, including two dealing with critical-severity code execution security defects. While the company did not tag these two security…
Fortinet FortiSandbox — Critical Vulnerability Advisory
Fortinet published a sweeping security advisory on April 14, 2026, disclosing multiple vulnerabilities across its FortiSandbox platform. Two of the flaws are rated Critical with unauthenticated attack vectors, demanding immediate…
CISA Adds Seven Vulnerabilities to KEV Catalog — April 13, 2026
CISA has expanded the Known Exploited Vulnerabilities catalog with seven new entries on April 13, 2026, based on evidence of active exploitation. The batch spans three vendors — Microsoft, Adobe,…
CVE-2026-35616 — Fortinet FortiClient EMS Critical Pre-Auth RCE
Executive Summary Fortinet FortiClient Endpoint Management Server (EMS) versions 7.4.5 and 7.4.6 contain a critical improper access control vulnerability (CWE-284) in the API authentication layer. Unauthenticated remote attackers can bypass…
Critical SQL Injection in FortiClientEMS: CVE-2026-21643
CVE-2026-21643 is a critical SQL injection vulnerability affecting Fortinet FortiClientEMS version 7.4.4, enabling unauthenticated attackers to execute arbitrary code via crafted HTTP requests to the administrative interface. Vulnerability Overview This…
CVE-2026-24858: Fortinet FortiCloud SSO Zero-Day Under Active Exploitation
A critical authentication bypass vulnerability, CVE-2026-24858, impacts multiple Fortinet products via flawed FortiCloud SSO controls. Fortinet confirmed active exploitation by malicious accounts before patches rolled out this week. Vulnerability Overview…
CVE-2025-64155 – Critical RCE in Fortinet FortiSIEM
Fortinet patched a severe unauthenticated remote command injection flaw in FortiSIEM on January 13, 2026, tracked as CVE-2025-64155 with CVSS 9.4.Discovered by Horizon3.ai in August 2025, it chains argument injection…
Fortinet Critical Bugs CVE-2025-59718 and CVE-2025-59719
Fortinet recently disclosed two critical authentication bypass vulnerabilities in its FortiCloud SSO login feature, tracked as CVE-2025-59718 and CVE-2025-59719. These flaws allow unauthenticated attackers to gain full administrative access via…