Fortinet threat watch

PSIRT watch for FortiGate, FortiManager, FortiOS, and related products.

Vendor watch hub

What this page covers

The Fortinet watch hub is a vendor-specific view inside ITECS MSP Threat Radar. We pull the latest security advisories, incidents, and known-exploited CVEs directly from the official feeds below, score each one for MSP relevance, and surface what's most likely to need attention this week.

  • Confirm whether recent Fortinet activity overlaps with your environment.
  • Prioritize advisories by MSP-relevance score, severity, and status.
  • Turn the signal into an assessment, briefing, or managed-service engagement with ITECS.

At a glance

  • Tracked: 137
  • Active: 30
  • Featured: 44
  • Unique CVEs: 5
  • Most recent entry: May 12, 2026, 1:16 PM

Feed refreshes daily · 5:15 a.m. Central

Sources: Fortinet PSIRT RSS, CISA KEV, and NVD

"Most recent entry" is the newest item the upstream feed has published — not our sync time.

Watch items

Recent Fortinet watch items

Showing the 20 most recent items, newest first. Each row links to the official advisory.

Linux Kernel Vulnerability copy.fail - CVE-2026-31431

high
watch · Vendor advisory · CVE-2026-31431

CVSSv3 Score: 7.8. CVE-2026-31431: In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place. This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly. Revised on 2026-05-13 00:00:00

May 13, 2026, 2:00 AM · Official source

FortiNDR vulnerability (CVE-2026-25088)

HIGH
watch · NVD · CVE-2026-25088

An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiNDR 7.6.0 through 7.6.2, FortiNDR 7.4.0 through 7.4.9, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

May 12, 2026, 1:16 PM · Official source

Incorrect global authorization (FortiSandbox, FortiSandbox Cloud and FortiSandbox PaaS WEB UI)

critical
watch · Vendor advisory

CVSSv3 Score: 9.1. A missing authorization vulnerability [CWE-862] in FortiSandbox, FortiSandbox Cloud and FortiSandbox PaaS WEB UI may allow an unauthenticated attacker to execute unauthorized code or commands via HTTP requests. Revised on 2026-05-12 00:00:00

May 12, 2026, 2:00 AM · Official source

Improper access control on API endpoints (FortiAuthenticator)

critical
watch · Vendor advisory

CVSSv3 Score: 9.1. An Improper Access Control vulnerability [CWE-284] in FortiAuthenticator may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests. Revised on 2026-05-12 00:00:00

May 12, 2026, 2:00 AM · Official source

Out-of-bounds access in CAPWAP daemon (FortiOS capwap daemon)

high
watch · Vendor advisory

CVSSv3 Score: 8.3. An Out-Of-Bounds Write vulnerability [CWE-787] in FortiOS capwap daemon may allow an attacker controlling an authenticated FortiAP, FortiExtender or FortiSwitch to gain execution privileges on the FortiGate device. Revised on 2026-05-12 00:00:00

May 12, 2026, 2:00 AM · Official source

OS command injection in CLI (FortiAP and FortiAP-W2 cli)

medium
watch · Vendor advisory

CVSSv3 Score: 6.5. An OS command injection vulnerability [CWE-78] in FortiAP and FortiAP-W2 CLI may allow an authenticated attacker to execute unauthorized code or commands via a specifically crafted CLI command. Revised on 2026-05-12 00:00:00

May 12, 2026, 2:00 AM · Official source

SQL command injection in administrative portal (FortiMail)

medium
watch · Vendor advisory

CVSSv3 Score: 6.3. An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiMail may allow an authenticated privileged attacker to execute unauthorized code or commands via specifically crafted HTTP or HTTPS requests. Revised on 2026-05-12 00:00:00

May 12, 2026, 2:00 AM · Official source

DoS due to unsafe function in signal handler (FortiAnalyzer and FortiManager API)

medium
watch · Vendor advisory

CVSSv3 Score: 5.2. A use of potentially Dangerous Function vulnerability [CWE-676] in FortiAnalyzer and FortiManager API may allow an authenticated attacker to cause a system hang via multiple specially crafted HTTP requests causing crashes. This happens if internal locks are aligned, which is out of control of the attacker. Revised on 2026-05-12 00:00:00

May 12, 2026, 2:00 AM · Official source

OTP Disclosure via Exported TokenContentProvider (FortiTokenAndroid)

medium
watch · Vendor advisory

CVSSv3 Score: 5.0. An improper export of Android application components [CWE-926] in FortiTokenAndroid may allow other applications on the device to read the OTP code via an exported Content Provider URI. Revised on 2026-05-12 00:00:00

May 12, 2026, 2:00 AM · Official source

Arbitrary log file read in administrative interface (FortiDeceptor WEB UI)

medium
watch · Vendor advisory

CVSSv3 Score: 4.0. An Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability [CWE-88] in FortiDeceptor WEB UI may allow an authenticated attacker with at least read-only admin permission to read log files via HTTP crafted requests. Revised on 2026-05-12 00:00:00

May 12, 2026, 2:00 AM · Official source

Command injection in CLI (FortiAP, FortiAP-U & FortiAP-W2 CLI)

medium
watch · Vendor advisory

CVSSv3 Score: 6.1. An improper neutralization of special elements used in an OS command ("OS Command Injection") vulnerability [CWE-78] in FortiAP, FortiAP-U & FortiAP-W2 CLI may allow an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests. Revised on 2026-05-12 00:00:00

May 12, 2026, 2:00 AM · Official source

User controlled SQL commands (FortiNDR)

medium
watch · Vendor advisory

CVSSv3 Score: 5.1. An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability [CWE-89] in FortiNDR may allow an authenticated attacker to execute arbitrary SQL commands on selected databases and tables via specifically crafted HTTP requests. Revised on 2026-05-12 00:00:00

May 12, 2026, 2:00 AM · Official source

Hardcoded Encryption Key Used for VPN Saved Passwords (FortiClient Windows)

low
watch · Vendor advisory

CVSSv3 Score: 2.1. A Missing Authorization [CWE-862] in FortiClient Windows may allow an authenticated local attacker to decrypt a currently logged-in user's VPN password via use of an unprotected DLL function. Revised on 2026-05-12 00:00:00

May 12, 2026, 2:00 AM · Official source

Out-Of-Bounds Write in administrative interface (FortiWeb CGI daemon)

medium
watch · Vendor advisory

CVSSv3 Score: 6.7. An out-of-bounds write vulnerability [CWE-787] in FortiWeb CGI daemon may allow a remote privileged attacker to execute arbitrary code or command via crafted HTTP requests. Revised on 2026-04-15 00:00:00

Apr 15, 2026, 2:00 AM · Official source

FortiSOAR vulnerability (CVE-2026-23708)

HIGH
watch · NVD · CVE-2026-23708

An improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through 7.5.2 may allow an unauthenticated attacker to bypass authentication via replaying a captured 2FA request. The attack requires being able to intercept and decrypt authentication traffic and precise timing to replay the request before token expiration, which raises the attack complexity.

Apr 14, 2026, 11:16 AM · Official source

FortiSOAR vulnerability (CVE-2026-22155)

HIGH
watch · NVD · CVE-2026-22155

A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow attacker to information disclosure via <insert attack vector here>

Apr 14, 2026, 11:16 AM · Official source

FortiOS vulnerability (CVE-2025-53847)

HIGH
watch · NVD · CVE-2025-53847

A missing authentication for critical function vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4 all versions, FortiOS 6.2.9 through 6.2.17 allows an attacker to execute unauthorized code or commands via specially crafted packets.

Apr 14, 2026, 11:16 AM · Official source

Unauthenticated Authentication bypass and Privilege escalation in FortiSandbox (FortiSandbox JRPC API)

critical
watch · Vendor advisory

CVSSv3 Score: 9.1. A Path Traversal vulnerability [CWE-24] in FortiSandbox JRPC API may allow an unauthenticated attacker to bypass authentication via specially crafted HTTP requests. Revised on 2026-04-14 00:00:00

Apr 14, 2026, 2:00 AM · Official source

OS Command Injection through API endpoint (FortiSandbox)

critical
watch · Vendor advisory

CVSSv3 Score: 9.1. An Improper Neutralization of Special Elements used in an OS Command ('OS command injection') vulnerability [CWE-78] in FortiSandbox may allow an unauthenticated attacker to execute unauthorized code or commands via crafted HTTP requests. Revised on 2026-04-14 00:00:00

Apr 14, 2026, 2:00 AM · Official source

Heap-based buffer overflow in oftpd daemon (FortiAnalyzer Cloud oftpd daemon)

high
watch · Vendor advisory

CVSSv3 Score: 7.3. A heap-based buffer overflow vulnerability [CWE-122] in FortiAnalyzer Cloud oftpd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. Successful exploitation would require a large amount of effort in preparation because of ASLR and network segmentation. Revised on 2026-04-14 00:00:00

Apr 14, 2026, 2:00 AM · Official source

Vendor watch FAQ

Common questions

What is the Fortinet threat watch page?

It is the Fortinet-specific view inside ITECS Threat Radar, built to track recent advisories, incidents, and watch items that may affect Dallas-area business operations.

How should teams use the Fortinet watch page?

Use it to confirm whether current Fortinet issues overlap with your environment, prioritize remediation, and decide whether you need an assessment, managed security follow-through, or vendor-specific hardening work.

Can ITECS help respond to Fortinet security issues?

Yes. ITECS can help map Fortinet advisories against your systems, validate affected services, prioritize remediation, and connect the issue to broader managed cybersecurity or managed IT workflows.