🛡️ Fortinet Monthly Recap | June 2026

Monthly Overview June 2026.

🛡️ Fortinet Monthly Recap | June 2026

📦 Firmware Updates

ProductVersionTypeDocumentation
FORTIAIGATE8.0.1PatchRelease Notes | Admin Guide
FORTIANALYZER7.6.7PatchRelease Notes | Admin Guide
FORTIAP8.0.0MajorRelease Notes | Admin Guide
FORTIAP7.4.5PatchRelease Notes | Admin Guide
FORTIDECEPTOR6.2.2FeatureRelease Notes | Admin Guide
FORTIDECEPTOR6.1.2FeatureRelease Notes | Admin Guide
FORTIDECEPTOR6.0.4FeatureRelease Notes | Admin Guide
FORTIEXTENDER8.0.0MajorRelease Notes | Admin Guide
FORTIFONE7.2.3PatchRelease Notes | Admin Guide
FORTIFONEANDROID7.2.2FeatureRelease Notes | Admin Guide
FORTIMANAGER7.6.7PatchRelease Notes | Admin Guide
FORTIOS7.6.7PatchRelease Notes | Admin Guide
FORTIPAM1.8.3PatchRelease Notes | Admin Guide
FORTIPROXY7.4.14PatchRelease Notes | Admin Guide
FORTIRECORDER7.6.0MajorRelease Notes | Admin Guide
FORTISANDBOX5.2.0MajorRelease Notes | Admin Guide
FORTISANDBOX4.4.6PatchRelease Notes | Admin Guide
FORTISOAR8.0.0MajorRelease Notes | Admin Guide
FORTISWITCHAXCHASSIS1.1.1PatchRelease Notes | Admin Guide
FORTISWITCHOS7.6.1PatchRelease Notes | Admin Guide
FORTITESTER7.6.2FeatureRelease Notes | Admin Guide
FORTIWEB7.6.9PatchRelease Notes | Admin Guide
FORTIWEB7.6.8PatchRelease Notes | Admin Guide
FORTIWEB7.4.13PatchRelease Notes | Admin Guide

⚠️ Security Advisories (CVEs)

Critical vulnerabilities (Score > 6.5) in June:

IDScoreDescription (Affected Versions)
CVE-2026-250899.8A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet

FortiSandbox
5.0.0 through 5.0.5,


FortiSandbox
4.4.0 through 4.4.8,


FortiSandbox
4.2 all versions,


FortiSandbox Cloud
5.0.4 through 5.0.5,


FortiSandbox
PaaS 5.0.4 through 5.0.5 may allow an unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP requests
CVE-2025-678626.7An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability [CWE-1244] vulnerability in Fortinet

FortiOS
7.6.0 through 7.6.2,


FortiOS
7.4.0 through 7.4.7,


FortiOS
7.2.0 through 7.2.10,


FortiOS
7.0.0 through 7.0.16,


FortiOS
6.4 all versions,


FortiProxy
7.6.0 through 7.6.3,


FortiProxy
7.4.0 through 7.4.10,


FortiProxy
7.2.0 through 7.2.14,


FortiProxy
7.0 all versions may allow an authenticated admin to execute lua scripts via crafted CLI commands.
CVE-2026-499386.5A improper access control vulnerability in Fortinet

FortiPortal
7.4.0 through 7.4.7,


FortiPortal
7.2.0 through 7.2.8,


FortiPortal
7.0 all versions may allow attacker to improper access control via