Fortinet security patch release for CVE-2026-44277
Security Patch Release
Summary
Hide ▲
Show ▼
Fortinet released security updates for FortiSandbox and FortiAuthenticator to fix two critical vulnerabilities that could let an unauthenticated attacker execute commands or arbitrary code on unpatched systems. The patch set covers CVE-2026-44277 in FortiAuthenticator and CVE-2026-26083 in FortiSandbox, with fixed versions including FortiAuthenticator 6.5.7, 6.6.9, and 8.0.3. FortiAuthenticator Cloud is not impacted, while the FortiSandbox Cloud and FortiSandbox PaaS WEB UI exposure keeps the affected surface broad.
Related Happenings
FortiBleed multi-vendor brute-force wave
Exploitation Wave
H score75
First: 23.06.2026 21:20
Last: 23.06.2026 21:20
Sources 1
About this happening:
A **multi-vendor brute-force wave** tied to **FortiBleed** is hitting **Fortinet, Synology, Sophos, Citrix, RDWeb, and MS-SQL** targets, expanding the risk from one firewall-focus...
FortiBleed multi-vendor brute-force wave
Exploitation WaveAbout this happening: A **multi-vendor brute-force wave** tied to **FortiBleed** is hitting **Fortinet, Synology, Sophos, Citrix, RDWeb, and MS-SQL** targets, expanding the risk from one firewall-focus...
FortigateSniffer FortiOS packet-sniffer credential-harvesting tool
Malware Activity
H score72
First: 22.06.2026 23:01
Last: 22.06.2026 23:01
Sources 1
About this happening:
**FortigateSniffer** is a **Golang-based credential-harvesting tool** used in the **FortiBleed** operation against **FortiGate firewalls**. It abuses **FortiOS** packet-sniffing f...
FortigateSniffer FortiOS packet-sniffer credential-harvesting tool
Malware ActivityAbout this happening: **FortigateSniffer** is a **Golang-based credential-harvesting tool** used in the **FortiBleed** operation against **FortiGate firewalls**. It abuses **FortiOS** packet-sniffing f...
Initial access broker (IAB) campaign expands across multiple victims
Campaign
H score89
First: 22.06.2026 23:01
Last: 22.06.2026 23:01
Sources 1
About this happening:
The **FortiBleed** campaign is a live **credential-harvesting** activity targeting **Fortinet FortiGate** devices worldwide. It has been active since at least **February 2026** an...
Initial access broker (IAB) campaign expands across multiple victims
CampaignAbout this happening: The **FortiBleed** campaign is a live **credential-harvesting** activity targeting **Fortinet FortiGate** devices worldwide. It has been active since at least **February 2026** an...
Latest development: 23.06.2026 13:30
On June 15, attackers behind FortiBleed successfully cracked Kerberos hashes and immediately exfiltrated DFS backup data from a NATO-aligned defense contractor, extending the campaign from credential harvesting into direct data theft.
Fortinet security patch release for CVE-2026-39813
Security Patch Release
H score41
First: 16.06.2026 12:19
Last: 16.06.2026 12:19
Sources 1
About this happening:
**Fortinet** released **April 14** security updates for **FortiSandbox**, covering **CVE-2026-39813**, **CVE-2026-39808**, and **CVE-2026-25089**. The patch release fixes **three...
Fortinet security patch release for CVE-2026-39813
Security Patch ReleaseAbout this happening: **Fortinet** released **April 14** security updates for **FortiSandbox**, covering **CVE-2026-39813**, **CVE-2026-39808**, and **CVE-2026-25089**. The patch release fixes **three...
Fortinet FortiSandbox multi-CVE exploitation wave
Exploitation Wave
H score49
First: 16.06.2026 12:19
Last: 16.06.2026 12:19
Sources 1
About this happening:
**Fortinet FortiSandbox** is facing an **active exploitation wave** that puts **affected deployments** at risk of **unauthenticated remote code execution** and **privilege escalat...
Fortinet FortiSandbox multi-CVE exploitation wave
Exploitation WaveAbout this happening: **Fortinet FortiSandbox** is facing an **active exploitation wave** that puts **affected deployments** at risk of **unauthenticated remote code execution** and **privilege escalat...
Timeline
-
12.05.2026 21:23 2 articles · 1mo ago
Fortinet releases fixes for FortiAuthenticator and FortiSandbox
Mitigation Patch UpdateFortinet released security updates on 2026-05-12 for FortiAuthenticator and FortiSandbox to address CVE-2026-44277 and CVE-2026-26083, both of which could let an unauthenticated attacker execute unauthorized code or commands on unpatched systems via crafted requests or HTTP requests. The fixes include FortiAuthenticator versions 6.5.7, 6.6.9, and 8.0.3, and FortiAuthenticator Cloud (formerly FortiTrust Identity) is not impacted.
Show sources
- Fortinet warns of critical RCE flaws in FortiSandbox and FortiAuthenticator — www.bleepingcomputer.com — 12.05.2026 21:23
- Fortinet warns of critical RCE flaws in FortiSandbox and FortiAuthenticator — www.bleepingcomputer.com — 12.05.2026 21:23