CVE-2026-39808 is an OS command injection flaw in FortiSandbox that allows unauthenticated attackers to execute unauthorized ...

Fortinet patched 27 vulnerabilities, including two critical FortiSandbox flaws leading to authentication bypass and code ...

The authentication bypass flaw, tracked as CVE-2026-35616, is the latest in a series of Fortinet vulnerabilities that have ...

Fortinet has confirmed that attackers are already exploiting a 9.1-rated zero-day vulnerability. Emergency security update ...

Fortinet warns of a critical FortiClient EMS zero-day vulnerability that is currently being exploited, allowing attackers to ...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to secure FortiClient Enterprise ...

Critical SAP, Adobe, Fortinet, and Microsoft flaws disclosed in April Patch Tuesday, enabling RCE and data theft risks.

CVE-2026-35616 (CVSS 9.1) exploited since March 31, 2026, affects FortiClient EMS 7.4.5–7.4.6, enabling privilege escalation.

Fortinet fixed a critical command injection vulnerability in FortiSIEM, which is subject to a working exploit in the wild, as well as a high-severity authentication bypass in FortiOS, FortiProxy, and ...

The Cybersecurity and Infrastructure Security Agency (CISA) has added a Fortinet critical flaw to its known exploited vulnerabilities catalog. CISA on Tuesday added the flaw to the KEV catalog, a day ...