- 89/2026
- Critical
Fortinet has released security updates to fix several vulnerabilities affecting multiple Fortinet products.
The addressed vulnerabilities could allow the attacker to execute unauthorized code or commands, bypass authentication controls, gain elevated privileges, perform denial-of-service and URL open redirection attacks, obtain sensitive information, conduct cross-site scripting, SSRF, and SQL injection attacks, and gain access to the affected systems.
Sample of the addressed vulnerabilities:
1. FortiSandbox JRPC API Path Traversal Authentication Bypass and Privilege Escalation Vulnerability (CVE-2026-39813):
- CVSS: 9.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Privileges
2. FortiClientEMS SQL Injection Vulnerability (CVE-2026-39809):
- CVSS: 7.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Remote Code Execution
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.