🛡️ Fortinet Monthly Recap | May 2026
Monthly Overview May 2026.
📦 Firmware Updates
| Product | Version | Type | Documentation |
|---|---|---|---|
| 6.2.0 | Major | Release Notes | Admin Guide | |
| 7.6.7 | Patch | Release Notes | Admin Guide | |
| 7.4.11 | Patch | Release Notes | Admin Guide | |
| 8.0.0 | Major | Release Notes | Admin Guide | |
| 3.4.0 | Major | Release Notes | Admin Guide | |
| 7.4.11 | Patch | Release Notes | Admin Guide | |
| 7.2.12 | Patch | Release Notes | Admin Guide | |
| 7.6.5 | Patch | Release Notes | Admin Guide | |
| 6.6.10 | Patch | Release Notes | Admin Guide | |
| 8.0.0 | Major | Release Notes | Admin Guide | |
| 7.6.5 | Patch | Release Notes | Admin Guide | |
| 7.4.11 | Patch | Release Notes | Admin Guide | |
| 7.2.11 | Patch | Release Notes | Admin Guide | |
| 7.4.12 | Patch | Release Notes | Admin Guide | |
| 7.4.8 | Patch | Release Notes | Admin Guide | |
| 1.9.0 | Major | Release Notes | Admin Guide | |
| 7.4.11 | Patch | Release Notes | Admin Guide | |
| 7.2.9 | Patch | Release Notes | Admin Guide | |
| 7.0.14 | Patch | Release Notes | Admin Guide | |
| 7.2.11 | Patch | Release Notes | Admin Guide | |
| 7.5.1 | Patch | Release Notes | Admin Guide | |
| 7.5.1 | Patch | Release Notes | Admin Guide | |
| 8.0.0 | Major | Release Notes | Admin Guide | |
| 8.0.1 | Patch | Release Notes | Admin Guide |
⚠️ Security Advisories (CVEs)
Critical vulnerabilities (Score > 6.5) in May:
| ID | Score | Description (Affected Versions) |
|---|---|---|
| CVE-2026-26083 | 9.8 | A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud 5.0.2 through 5.0.5, FortiSandbox PaaS 23.4 all versions, FortiSandbox PaaS 23.3 all versions, FortiSandbox PaaS 23.1 all versions, FortiSandbox PaaS 22.2 all versions, FortiSandbox PaaS 22.1 all versions, FortiSandbox PaaS 21.4 all versions, FortiSandbox PaaS 21.3 all versions, FortiSandbox PaaS 5.0.0 through 5.0.1, FortiSandbox PaaS 4.4.5 through 4.4.8 may allow an unauthenticated attacker to execute unauthorized code or commands via HTTP requests. |
| CVE-2026-44277 | 9.8 | A improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow attacker to execute unauthorized code or commands via crafted requests. |
| CVE-2025-53844 | 8.8 | A out-of-bounds write vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11 allows attacker to execute unauthorized code or commands via specially crafted packets. |
| CVE-2025-53681 | 7.2 | An improper neutralization of special elements used in an SQL Command ("SQL Injection&") vulnerability [CWE-89] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through 7.4.5, FortiMail 7.2.0 through 7.2.8 allows an authenticated privileged attacker to execute unauthorized code or commands via specifically crafted HTTP or HTTPS requests. |
| CVE-2025-53680 | 6.7 | An improper neutralization of special elements used in an OS command ("OS Command Injection") vulnerability [CWE-78] vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versions, FortiAP 7.0 all versions, FortiAP 6.4 all versions, FortiAP -U 7.0.0 through 7.0.5, FortiAP -U 6.2 all versions, FortiAP -W2 7.4.0 through 7.4.4, FortiAP -W2 7.2 all versions, FortiAP -W2 7.0 all versions allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests. |
| CVE-2025-53870 | 6.7 | An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versions, FortiAP 7.0 all versions, FortiAP 6.4 all versions, FortiAP -W2 7.4.0 through 7.4.4, FortiAP -W2 7.2 all versions, FortiAP -W2 7.0 all versions may allow an authenticated attacker to execute unauthorized code or commands via a specifically crafted cli command. |
