🛡️ Fortinet Monthly Recap | February 2026

Monthly Overview February 2026.

📦 Firmware Updates

| Product | Version | Type | Documentation |
|---|---|---|---|
| FORTIAIOPS | 3.2.1 | Patch | Release Notes \| Admin Guide |
| FORTIANALYZER-BIGDATA | 7.4.5 | Patch | Release Notes \| Admin Guide |
| FORTIAP | 7.6.4 | Feature | Release Notes \| Admin Guide |
| FORTIAUTHENTICATOR | 8.0.1 | Patch | Release Notes \| Admin Guide |
| FORTIAUTHENTICATOR | 6.6.9 | Patch | Release Notes \| Admin Guide |
| FORTIAUTHENTICATOR | 6.5.7 | Patch | Release Notes \| Admin Guide |
| FORTIAUTHENTICATOR | 6.4.11 | Patch | Release Notes \| Admin Guide |
| FORTIAUTHENTICATOR | 6.3.5 | Patch | Release Notes \| Admin Guide |
| FORTIDECEPTOR | 6.2.1 | Patch | Release Notes \| Admin Guide |
| FORTIEXTENDER | 7.6.5 | Patch | Release Notes \| Admin Guide |
| FORTINAC-F | 7.4.3 | Patch | Release Notes \| Admin Guide |
| FORTIOS-6K7K | 7.0.19 | Patch | Release Notes \| Admin Guide |
| FORTIPAM | 1.8.1 | Patch | Release Notes \| Admin Guide |
| FORTIPROXY | 7.6.6 | Patch | Release Notes \| Admin Guide |
| FORTIPROXY | 7.6.5 | Patch | Release Notes \| Admin Guide |
| FORTIPROXY | 7.4.13 | Patch | Release Notes \| Admin Guide |
| FORTIPROXY | 7.2.16 | Patch | Release Notes \| Admin Guide |
| FORTIPROXY | 7.0.23 | Patch | Release Notes \| Admin Guide |
| FORTIRECORDER | 7.2.9 | Patch | Release Notes \| Admin Guide |
| FORTISWITCH | 7.4.9 | Patch | Release Notes \| Admin Guide |
| FORTISWITCHAXFIXED | 1.0.2 | Feature | Release Notes \| Admin Guide |
| FORTISWITCHMANAGER | 7.2.9 | Patch | Release Notes \| Admin Guide |
| FORTIVOICEUCDESKTOP | 7.0.4 | Feature | Release Notes \| Admin Guide |
| FORTIWEB | 8.0.4 | Feature | Release Notes \| Admin Guide |
| FORTIWEB | 7.6.7 | Patch | Release Notes \| Admin Guide |
| FORTIWEB | 7.4.12 | Patch | Release Notes \| Admin Guide |
| FORTIWEBMANAGER | 8.0.0 | Major | Release Notes \| Admin Guide |

⚠️ Security Advisories (CVEs)

Critical vulnerabilities (Score > 6.5) in February:

| ID | Score | Description (Affected Versions) |
|---|---|---|
| CVE-2026-21643 | 9.8 | An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. |
| CVE-2025-52436 | 8.8 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an unauthenticated attacker to execute commands via crafted requests. |
| CVE-2026-22153 | 8.1 | An Authentication Bypass by Primary Weakness vulnerability [CWE-305] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4 may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, when the remote LDAP server is configured in a specific way. |
| CVE-2026-21743 | 7.2 | A missing authorization vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow a read-only user to make modification to local users via a file upload to an unprotected endpoint. |
| CVE-2025-62676 | 7.1 | An Improper Link Resolution Before File Access ('Link Following') vulnerability [CWE-59] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.4, FortiClientWindows 7.2.0 through 7.2.12, FortiClientWindows 7.0 all versions may allow a local low-privilege attacker to perform an arbitrary file write with elevated permissions via crafted named pipe messages. |
| CVE-2025-64157 | 6.7 | A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0 all versions allows an authenticated admin to execute unauthorized code or commands via specifically crafted configuration. |