🛡️ Fortinet Monthly Recap | June 2026
Monthly Overview June 2026.
📦 Firmware Updates
| Product | Version | Type | Documentation |
|---|---|---|---|
| 8.0.1 | Patch | Release Notes | Admin Guide | |
| 7.6.7 | Patch | Release Notes | Admin Guide | |
| 8.0.0 | Major | Release Notes | Admin Guide | |
| 7.4.5 | Patch | Release Notes | Admin Guide | |
| 6.2.2 | Feature | Release Notes | Admin Guide | |
| 6.1.2 | Feature | Release Notes | Admin Guide | |
| 6.0.4 | Feature | Release Notes | Admin Guide | |
| 8.0.0 | Major | Release Notes | Admin Guide | |
| 7.2.3 | Patch | Release Notes | Admin Guide | |
| 7.2.2 | Feature | Release Notes | Admin Guide | |
| 7.6.7 | Patch | Release Notes | Admin Guide | |
| 7.6.7 | Patch | Release Notes | Admin Guide | |
| 1.8.3 | Patch | Release Notes | Admin Guide | |
| 7.4.14 | Patch | Release Notes | Admin Guide | |
| 7.6.0 | Major | Release Notes | Admin Guide | |
| 5.2.0 | Major | Release Notes | Admin Guide | |
| 4.4.6 | Patch | Release Notes | Admin Guide | |
| 8.0.0 | Major | Release Notes | Admin Guide | |
| 1.1.1 | Patch | Release Notes | Admin Guide | |
| 7.6.1 | Patch | Release Notes | Admin Guide | |
| 7.6.2 | Feature | Release Notes | Admin Guide | |
| 7.6.9 | Patch | Release Notes | Admin Guide | |
| 7.6.8 | Patch | Release Notes | Admin Guide | |
| 7.4.13 | Patch | Release Notes | Admin Guide |
⚠️ Security Advisories (CVEs)
Critical vulnerabilities (Score > 6.5) in June:
| ID | Score | Description (Affected Versions) |
|---|---|---|
| CVE-2026-25089 | 9.8 | A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may allow an unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP requests |
| CVE-2025-67862 | 6.7 | An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability [CWE-1244] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0 all versions may allow an authenticated admin to execute lua scripts via crafted CLI commands. |
| CVE-2026-49938 | 6.5 | A improper access control vulnerability in Fortinet FortiPortal 7.4.0 through 7.4.7, FortiPortal 7.2.0 through 7.2.8, FortiPortal 7.0 all versions may allow attacker to improper access control via |