VYPR
patchPublished Jul 14, 2026· 1 source

Fortinet Patches Seven Vulnerabilities Across FortiOS, FortiProxy, FortiPAM, and FortiSandbox

Fortinet has released patches for seven vulnerabilities affecting its core network security products, including critical flaws in FortiSandbox and FortiOS.

Fortinet has issued security advisories for seven vulnerabilities impacting its widely deployed FortiOS, FortiProxy, FortiPAM, and FortiSandbox products. The patches address a range of issues, from low-severity CRLF injection and reflected XSS bugs to more critical flaws like path traversal and unauthenticated VNC exposure.

The vulnerabilities affect various versions of these enterprise-grade security solutions. Specifically, FortiOS versions 7.0 through 8.0, FortiProxy versions 7.2 through 7.6, FortiPAM versions 1.4 through 1.9, and FortiSandbox versions 4.4 through 5.2 are included in the scope of these advisories. Given the critical role these products play in network defense, organizations are urged to apply the provided patches promptly.

Among the disclosed vulnerabilities, CVE-2026-59839 stands out. This path traversal flaw, affecting the CLI interface, allows authenticated users to delete critical files within the root filesystem. Successful exploitation could lead to denial-of-service conditions or system instability, severely impacting the availability of network security devices.

Another significant concern is CVE-2026-59835, found in FortiSandbox. This vulnerability exposes the VNC server without any authentication on all network interfaces. Attackers could leverage this to gain direct console access to the sandboxing appliance, a component vital for analyzing potentially malicious files in isolated environments, thereby bypassing security controls.

Additionally, two CRLF injection vulnerabilities (FG-IR-26-152 and FG-IR-26-153) have been identified in the Web Filter warning page and the captive portal authentication form. While rated as low severity, these could be chained with other techniques to manipulate user perceptions or facilitate phishing attacks.

The SSL-VPN component is also affected by CVE-2026-23573, a reflected XSS vulnerability that is unauthenticated. This could allow attackers to craft malicious links targeting users who access the SSL-VPN portal, a common entry point for remote access and a frequent target in real-world attacks.

Fortinet recommends immediate application of the patches for all affected products. Administrators should also restrict CLI access to only trusted personnel and audit the network exposure of FortiSandbox, disabling VNC access where not strictly necessary. Given Fortinet's history of advisories preceding active exploitation, these vulnerabilities should be treated as a high-priority patching task.

Synthesized by Vypr AI