🛡️ Fortinet Monthly Recap | April 2026
Monthly Overview April 2026.
📦 Firmware Updates
| Product | Version | Type | Release Notes | Admin Guide |
|---|---|---|---|---|
|  | 6.1.1 | Patch | Release Notes | Admin Guide |
|  | 8.0.3 | Patch | Release Notes | Admin Guide |
|  | 8.0.0 | Major | Release Notes | Admin Guide |
|  | 7.4.6 | Patch | Release Notes | Admin Guide |
|  | 8.0.3 | Patch | Release Notes | Admin Guide |
|  | 7.4.0 | Major | Release Notes | Admin Guide |
|  | 7.4.7 | Patch | Release Notes | Admin Guide |
|  | 7.4.7 | Patch | Release Notes | Admin Guide |
|  | 7.4.7 | Patch | Release Notes | Admin Guide |
|  | 7.4.7 | Patch | Release Notes | Admin Guide |
|  | 8.0.0 | Major | Release Notes | Admin Guide |
|  | 2.4.3 | Patch | Release Notes | Admin Guide |
|  | 8.0.0 | Major | Release Notes | Admin Guide |
|  | 7.6.4 | Feature | Release Notes | Admin Guide |
|  | 8.0.0 | Major | Release Notes | Admin Guide |
|  | 7.4.10 | Patch | Release Notes | Admin Guide |
|  | 7.2.10 | Patch | Release Notes | Admin Guide |
|  | 7.6.6 | Patch | Release Notes | Admin Guide |
|  | 1.1.0 | Major | Release Notes | Admin Guide |
|  | 1.0.3 | Patch | Release Notes | Admin Guide |
|  | 1.13.3 | Patch | Release Notes | Admin Guide |
|  | 7.2.4 | Feature | Release Notes | Admin Guide |
|  | 7.0.5 | Patch | Release Notes | Admin Guide |
|  | 8.0.5 | Patch | Release Notes | Admin Guide |
⚠️ Security Advisories (CVEs)
Vulnerabilities with a CVSS score of 6.5 or higher published in April (the list includes high as well as critical ratings):
| ID | CVSS score | Description (affected versions) |
|---|---|---|
| CVE-2026-35616 | 9.8 | An improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests. |
| CVE-2026-39808 | 9.8 | An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow an attacker to execute unauthorized code or commands via |
| CVE-2026-39813 | 9.8 | A path traversal ('../filedir') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8 may allow an attacker to escalate privileges via |
| CVE-2026-39815 | 8.8 | An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiDDoS -F 7.2.1 through 7.2.2 may allow an attacker to execute unauthorized code or commands via sending crafted HTTP requests. |
| CVE-2026-22828 | 8.1 | A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer Cloud 7.6.2 through 7.6.4, FortiManager Cloud 7.6.2 through 7.6.4 may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. Successful exploitation would require a large amount of effort in preparation because of ASLR and network segmentation. |
| CVE-2026-23708 | 7.5 | An improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through 7.5.2 may allow an unauthenticated attacker to bypass authentication via replaying a captured 2FA request. The attack requires being able to intercept and decrypt authentication traffic and precise timing to replay the request before token expiration, which raises the attack complexity. |
| CVE-2025-61848 | 7.2 | An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.8, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4.0 through 7.4.8, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions may allow a privileged authenticated attacker to execute unauthorized code or commands via the JSON RPC API. |
| CVE-2026-40688 | 7.2 | An out-of-bounds write [CWE-787] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow a remote privileged attacker to execute arbitrary code or commands via crafted HTTP requests. |
| CVE-2026-25691 | 6.7 | An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to delete an arbitrary directory via crafted HTTP requests. |
| CVE-2026-39809 | 6.7 | An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5, FortiClientEMS 7.2.0 through 7.2.12, FortiClientEMS 7.0 all versions may allow an attacker to execute unauthorized code or commands via sending crafted requests. |
| CVE-2026-39814 | 6.7 | A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.1 through 7.4.12, FortiWeb 7.2.7 through 7.2.12, FortiWeb 7.0.10 through 7.0.12 may allow an attacker to execute unauthorized code or commands via |
| CVE-2025-53847 | 6.5 | A missing authentication for critical function vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4 all versions, FortiOS 6.2.9 through 6.2.17 allows an attacker to execute unauthorized code or commands via specially crafted packets. |
| CVE-2026-22155 | 6.5 | A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an attacker to disclose information via |
| CVE-2026-22573 | 6.5 | An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5 all versions, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5 all versions, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to perform a path traversal attack via File Content Extraction actions. |
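The affected-version phrases in the descriptions above follow a small grammar ("Product X.Y.Z through A.B.C", "Product X.Y all versions", or a single version such as "FortiSandbox Cloud 5.0.4"), which makes them straightforward to match against a device inventory. The Python below is an added example, not Fortinet's own tooling or an official feed parser: it extracts those clauses from three advisory texts copied from the table and checks them against a constructed inventory (the hostnames and running versions are assumptions for illustration). Versions are compared as integer tuples, because string comparison orders "6.2.17" before "6.2.9" and would silently miss an affected build at the top of a range.

```python
"""Match a device inventory against Fortinet PSIRT affected-version clauses.

Added example (not Fortinet code). Advisory strings are copied from the
recap table; the inventory is constructed for illustration only.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]

# Clause grammar used in the advisory descriptions:
#   "<Product> X.Y.Z through A.B.C"  inclusive range
#   "<Product> X.Y all versions"     whole release branch
#   "<Product> X.Y.Z"                single version
CLAUSE_RE = re.compile(
    r"^(?P<product>.+?)\s+(?P<lo>\d+(?:\.\d+)*)"
    r"(?:\s+through\s+(?P<hi>\d+(?:\.\d+)*)|\s+(?P<all>all versions))?$"
)
# The affected list sits between "in Fortinet" and the impact clause.
AFFECTED_RE = re.compile(r"\bin Fortinet (?P<aff>.+?) (?:may allow|allows)\b")


def parse_version(text: str) -> Version:
    """'6.2.17' -> (6, 2, 17). Integer tuples order correctly; as strings
    '6.2.17' < '6.2.9', which would misplace builds at the top of a range."""
    return tuple(int(p) for p in text.strip().split("."))


def _pad(v: Version, n: int = 3) -> Version:
    return v + (0,) * (n - len(v))


def norm_product(name: str) -> str:
    """'FortiDDoS -F', 'FortiDDoS-F' and 'fortiddos-f' all compare equal."""
    return re.sub(r"[\s\-]", "", name).lower()


@dataclass(frozen=True)
class Affected:
    product: str                 # normalized product name
    lo: Version                  # lower bound, exact version, or branch prefix
    hi: Optional[Version] = None  # upper bound for "through" ranges
    branch: bool = False         # True for "X.Y all versions"

    def matches(self, v: Version) -> bool:
        if self.branch:
            return v[: len(self.lo)] == self.lo
        if self.hi is not None:
            return _pad(self.lo) <= _pad(v) <= _pad(self.hi)
        return _pad(v) == _pad(self.lo)


def parse_affected(description: str) -> List[Affected]:
    """Extract every affected product/version clause from one advisory."""
    m = AFFECTED_RE.search(description)
    if not m:
        return []
    out: List[Affected] = []
    for clause in m.group("aff").split(","):
        c = CLAUSE_RE.match(clause.strip())
        if not c:
            continue  # unrecognised phrasing: skip rather than guess
        lo = parse_version(c.group("lo"))
        hi = parse_version(c.group("hi")) if c.group("hi") else None
        out.append(Affected(norm_product(c.group("product")), lo, hi, bool(c.group("all"))))
    return out


def find_exposed(advisories: Dict[str, str],
                 inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str]]:
    """inventory rows are (hostname, product, running version); returns (host, CVE) pairs."""
    hits = set()
    for cve, desc in advisories.items():
        for a in parse_affected(desc):
            for host, product, version in inventory:
                if norm_product(product) == a.product and a.matches(parse_version(version)):
                    hits.add((host, cve))
    return sorted(hits)


# Advisory text copied from the recap table.
ADVISORIES = {
    "CVE-2025-53847": "A missing authentication for critical function vulnerability in Fortinet "
                      "FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 "
                      "through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4 all versions, "
                      "FortiOS 6.2.9 through 6.2.17 allows an attacker to execute unauthorized "
                      "code or commands via specially crafted packets.",
    "CVE-2026-22828": "A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer Cloud "
                      "7.6.2 through 7.6.4, FortiManager Cloud 7.6.2 through 7.6.4 may allow a "
                      "remote unauthenticated attacker to execute arbitrary code or commands via "
                      "specifically crafted requests.",
    "CVE-2026-39815": "An improper neutralization of special elements used in an SQL command "
                      "('SQL injection') vulnerability in Fortinet FortiDDoS -F 7.2.1 through "
                      "7.2.2 may allow an attacker to execute unauthorized code or commands via "
                      "sending crafted HTTP requests.",
}

# Constructed inventory: hostnames and versions are assumptions, not real devices.
INVENTORY = [
    ("fw-edge-01", "FortiOS", "6.2.17"),            # top of 6.2.9..6.2.17 (string compare misses it)
    ("fw-edge-02", "FortiOS", "6.2.8"),             # below the listed range
    ("fw-dc-01", "FortiOS", "7.4.9"),               # above the listed 7.4 range
    ("fw-dc-02", "FortiOS", "6.4.15"),              # "6.4 all versions"
    ("ddos-01", "FortiDDoS-F", "7.2.2"),            # spelling differs from the advisory
    ("faz-cloud", "FortiAnalyzer Cloud", "7.6.5"),  # above the listed range
    ("fmg-cloud", "FortiManager Cloud", "7.6.3"),   # inside the listed range
]

if __name__ == "__main__":
    for host, cve in find_exposed(ADVISORIES, INVENTORY):
        print(f"{host}: {cve}")
```

The parser deliberately skips any clause it cannot match rather than guessing, so an advisory with unfamiliar phrasing shows up as fewer matches, not false negatives hidden behind a lenient regex; the Fortinet PSIRT advisory remains the authoritative source for the fixed versions, which the descriptions above do not state.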