Fortinet published a batch of security advisories on March 10, 2026, covering eleven vulnerabilities across FortiManager, FortiAnalyzer, FortiSwitchAXFixed, and FortiSandbox.
The flaws include authentication bypasses, buffer overflows, OS command injection, and SQL injection, and could let remote attackers execute arbitrary commands or escalate privileges on affected systems.
High-Severity Vulnerabilities Patched
Two of the vulnerabilities are rated high severity and carry the greatest risk for unpatched deployments.
CVE-2026-22627 (FG-IR-26-086) is a buffer overflow (CWE-120) in the handling of the LLDP OUI field in FortiSwitchAXFixed versions 1.0.0 and 1.0.1. It could allow an attacker to overwrite memory and potentially execute arbitrary code on the device. Because LLDP frames are link-layer and are not routed, the attacker needs to be on a segment directly connected to the switch.
CVE-2025-54820 (FG-IR-26-098) is a high-severity stack-based buffer overflow (CWE-121) in the FortiManager fgtupdates service, affecting FortiManager versions 7.4.0 to 7.4.2 and 7.2.9 to 7.2.10. An attacker could exploit it to execute code remotely via a malicious update request, which is a serious exposure for organizations that centralize network management on FortiManager.
Authentication and MFA Bypass Vulnerabilities
Three separate vulnerabilities affect the authentication mechanisms of FortiManager and FortiAnalyzer and together create a significant access control risk.
CVE-2026-22629 (FG-IR-26-079) allows attackers to bypass the authentication lockout because of a race condition. It affects FortiAnalyzer versions 7.6.0 to 7.6.4, FortiAnalyzer Cloud, FortiManager 7.6.0 to 7.6.4, and FortiManager Cloud. An attacker can use the flaw to brute-force credentials without ever triggering the account lockout.
CVE-2026-22572 (FG-IR-26-090) is an authentication bypass in the GUI of FortiAnalyzer and FortiManager versions 7.6.0 to 7.6.3 and their Cloud editions. It lets an attacker bypass multi-factor authentication entirely, removing a key control on administrative access.
CVE-2025-68482 (FG-IR-26-078) is an improper TLS certificate validation flaw (CWE-295) in the GUI's SSO authentication, affecting FortiAnalyzer and FortiManager versions 7.6.0 to 7.6.4. An attacker positioned on the network path (man-in-the-middle) could use it to tamper with the authentication exchange.
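The lockout race described above is the classic check-then-act pattern: the request reads the failure counter, decides whether to accept a password guess, and only records the failure after the check, so a burst of simultaneous requests all see the same stale count. The model below is an added illustration and is not Fortinet's code; the lockout threshold, class names, and the "admin" user are assumptions. It uses a thread barrier to force the worst-case interleaving (every request checks before any records), so the result is deterministic:

```python
import threading

MAX_FAILURES = 5  # assumed lockout threshold for this model


class RacyLockout:
    """Vulnerable pattern: the lockout check and the failure bookkeeping are
    two separate, unsynchronized steps."""

    def __init__(self):
        self.failures = {}

    def may_attempt(self, user):
        # Step 1: read the counter and decide.
        return self.failures.get(user, 0) < MAX_FAILURES

    def record_failure(self, user):
        # Step 2: write the counter back only after the password was checked.
        self.failures[user] = self.failures.get(user, 0) + 1


class AtomicLockout:
    """Hardened pattern: reserve the attempt slot under a lock before the
    password is checked, so concurrent requests cannot share a stale count."""

    def __init__(self):
        self.failures = {}
        self.lock = threading.Lock()

    def reserve_attempt(self, user):
        with self.lock:
            n = self.failures.get(user, 0)
            if n >= MAX_FAILURES:
                return False
            self.failures[user] = n + 1  # count the attempt up front
            return True

    def record_failure(self, user):
        pass  # already counted when the slot was reserved


def burst(check, record, user, n_concurrent):
    """Fire n_concurrent login requests for the same user. The barrier makes
    every request finish its lockout check before any of them records a
    failure, which is exactly the window a race-condition attacker aims for.
    Returns how many password guesses the server actually evaluated."""
    barrier = threading.Barrier(n_concurrent)
    allowed = [False] * n_concurrent

    def worker(i):
        allowed[i] = check(user)
        barrier.wait()
        if allowed[i]:
            record(user)

    threads = [threading.Thread(target=worker, args=(i,)) for i in range(n_concurrent)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(allowed)


def compare(n_concurrent=50, user="admin"):
    """Guesses evaluated by the racy and the atomic lockout for one burst,
    plus a second burst against the atomic one to show it now refuses all."""
    racy = RacyLockout()
    atomic = AtomicLockout()
    racy_allowed = burst(racy.may_attempt, racy.record_failure, user, n_concurrent)
    atomic_allowed = burst(atomic.reserve_attempt, atomic.record_failure, user, n_concurrent)
    atomic_second = burst(atomic.reserve_attempt, atomic.record_failure, user, n_concurrent)
    return racy_allowed, atomic_allowed, atomic_second


if __name__ == "__main__":
    print(compare())
```

With a threshold of 5, a burst of 50 concurrent requests gets all 50 guesses evaluated by the racy lockout and exactly 5 by the atomic one; the fix is to make the "may I try?" decision and the counter update a single critical section, not to add more checks after the fact.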
Command Injection and Privilege Escalation
CVE-2026-25836 (FG-IR-26-096) is an OS command injection (CWE-78) in the vmimages update feature of FortiSandbox Cloud 5.0.4. An authenticated attacker could run arbitrary OS commands through the GUI and potentially compromise the whole system.
CVE-2025-48418 (FG-IR-26-081) is a hidden CLI functionality issue (CWE-1242) in FortiManager and FortiAnalyzer, affecting versions 7.6.0 to 7.6.3 and the related Cloud platforms. An authenticated attacker could abuse the undocumented command to gain privileges they were not granted.
CVE-2026-22628 (FG-IR-26-085) is an improper access control vulnerability (CWE-284) in FortiSwitchAXFixed 1.0.0 and 1.0.1 that lets an authenticated administrator bypass SSH shell command restrictions through local configuration overrides.
The remaining issues are rated medium. CVE-2025-68648 (FG-IR-26-092) is a format string vulnerability (CWE-134) in the fazsvcd component of FortiAnalyzer and FortiManager, reachable through the API.
CVE-2025-49784 (FG-IR-26-095) is an SQL injection (CWE-89) in the FortiAnalyzer JSON-RPC API, affecting versions 7.6.0 to 7.6.4 and FortiAnalyzer-BigData.
CVE-2025-53608 (FG-IR-26-091) is a stored cross-site scripting vulnerability (CWE-79) in the LDAP server settings of FortiSandbox versions 4.4.6 to 5.0.2.
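Because the affected version ranges above are scattered across eleven entries, the first thing a practitioner wants is a quick way to map an inventory of appliances to the advisories that apply. The script below is an added example, not Fortinet's tooling; its version tables are copied from the text above. The article lists no fixed versions, so a match only means "inside a listed affected range" and never "patched"; FG-IR-26-092 (no version range given) and the Cloud editions are left out, and the inventory at the bottom is constructed:

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Affected:
    cve: str
    fg_ir: str
    product: str
    low: tuple   # inclusive lower bound as a version tuple
    high: tuple  # inclusive upper bound as a version tuple


def parse_version(s):
    """'7.4.2' -> (7, 4, 2); pads to three components so '7.4' == '7.4.0'.
    Tuple comparison handles 7.2.10 > 7.2.9 correctly (numeric, not lexical)."""
    parts = [int(p) for p in s.strip().split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def rng(cve, fg_ir, product, low, high=None):
    return Affected(cve, fg_ir, product, parse_version(low), parse_version(high or low))


# Affected ranges as stated in the article; one row per contiguous range.
ADVISORIES = [
    rng("CVE-2026-22627", "FG-IR-26-086", "FortiSwitchAXFixed", "1.0.0", "1.0.1"),
    rng("CVE-2026-22628", "FG-IR-26-085", "FortiSwitchAXFixed", "1.0.0", "1.0.1"),
    rng("CVE-2025-54820", "FG-IR-26-098", "FortiManager", "7.4.0", "7.4.2"),
    rng("CVE-2025-54820", "FG-IR-26-098", "FortiManager", "7.2.9", "7.2.10"),
    rng("CVE-2026-22629", "FG-IR-26-079", "FortiManager", "7.6.0", "7.6.4"),
    rng("CVE-2026-22629", "FG-IR-26-079", "FortiAnalyzer", "7.6.0", "7.6.4"),
    rng("CVE-2026-22572", "FG-IR-26-090", "FortiManager", "7.6.0", "7.6.3"),
    rng("CVE-2026-22572", "FG-IR-26-090", "FortiAnalyzer", "7.6.0", "7.6.3"),
    rng("CVE-2025-68482", "FG-IR-26-078", "FortiManager", "7.6.0", "7.6.4"),
    rng("CVE-2025-68482", "FG-IR-26-078", "FortiAnalyzer", "7.6.0", "7.6.4"),
    rng("CVE-2025-48418", "FG-IR-26-081", "FortiManager", "7.6.0", "7.6.3"),
    rng("CVE-2025-48418", "FG-IR-26-081", "FortiAnalyzer", "7.6.0", "7.6.3"),
    rng("CVE-2025-49784", "FG-IR-26-095", "FortiAnalyzer", "7.6.0", "7.6.4"),
    rng("CVE-2026-25836", "FG-IR-26-096", "FortiSandbox Cloud", "5.0.4"),
    rng("CVE-2025-53608", "FG-IR-26-091", "FortiSandbox", "4.4.6", "5.0.2"),
]


def matching_cves(product, version):
    """CVE identifiers whose listed affected range for `product` contains `version`,
    in article order, de-duplicated (CVE-2025-54820 has two ranges)."""
    v = parse_version(version)
    out = []
    for a in ADVISORIES:
        if a.product == product and a.low <= v <= a.high and a.cve not in out:
            out.append(a.cve)
    return out


def triage(inventory):
    """inventory: iterable of (hostname, product, version) -> {hostname: [cve, ...]}."""
    return {host: matching_cves(product, version) for host, product, version in inventory}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("fmg-core-01", "FortiManager", "7.6.2"),
    ("faz-log-01", "FortiAnalyzer", "7.6.4"),
    ("fsw-edge-07", "FortiSwitchAXFixed", "1.0.1"),
    ("fsb-lab-01", "FortiSandbox", "5.0.3"),
]

if __name__ == "__main__":
    for host, cves in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {', '.join(cves) if cves else 'no listed range matches'}")
```

Treat an empty result as "not in a listed range", not as safe: the table only reflects what this article states, and the vendor advisories for each FG-IR number remain the authority for fixed builds and for the Cloud editions.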
InfoSecBulletin Cybersecurity for mankind
