Fortinet released security updates for its FortiAuthenticator and FortiSandbox products to address critical vulnerabilities. Singapore’s Cyber Security Agency highlighted these risks in a May 15, 2026, advisory. One vulnerability received a Common Vulnerability Scoring System (CVSS) score of 9.8 out of 10.
These flaws allow unauthenticated attackers to execute unauthorized code or commands through crafted requests. The vulnerabilities affect multiple versions of both FortiAuthenticator and FortiSandbox.
Fortinet strongly advises administrators to apply the latest security updates immediately. These patches mitigate the severe risks associated with the identified exploits.