Critical Vulnerabilities Patched in Fortinet FortiAuthenticator and FortiSandbox
**Fortinet** has issued security updates to address two critical vulnerabilities affecting **FortiAuthenticator** and **FortiSandbox**. These flaws could allow unauthenticated attackers to execute unauthorized code or commands on vulnerable systems.

**Fortinet** has released security updates to address two critical vulnerabilities in **FortiSandbox** and **FortiAuthenticator** that could enable attackers to run commands or arbitrary code on unpatched systems.
### FortiAuthenticator Improper Access Control
The first vulnerability, tracked as **CVE-2026-44277**, impacts the company's **FortiAuthenticator** Identity and Access Management (IAM) solution and has been patched in **FortiAuthenticator** versions 6.5.7, 6.6.9, and 8.0.3.
"An Improper Access Control vulnerability [CWE-284] in **FortiAuthenticator** may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests," **Fortinet** said in [a Tuesday advisory](https://fortiguard.fortinet.com/psirt/FG-IR-26-128).
The company clarified that **FortiAuthenticator** Cloud (formerly known as **FortiTrust Identity**), an Identity and Access Management as a Service (IDaaS) cloud service hosted and managed by **Fortinet**, is not affected by this issue.
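For teams with more than a handful of FortiAuthenticator appliances, the useful first step is an inventory check: which builds are at or above the fixed version for their branch, and which are not. The helper below is an added example, not code from Fortinet or from this article. The fixed versions (6.5.7, 6.6.9, 8.0.3) come from the article; the inference that earlier builds on those same branches are affected, and the hostnames and version strings in the sample inventory, are constructed assumptions. Branches not in the table (for example 6.4.x) are reported as `unknown` rather than safe, and should be checked against the advisory (FG-IR-26-128) directly.

```python
"""Triage helper: is a FortiAuthenticator build at or above the CVE-2026-44277 fix level?"""
import re

# Fixed versions named in the article, keyed by (major, minor) branch.
# Assumption: builds below these on the same branch are unpatched.
FIXED_VERSIONS = {
    (6, 5): (6, 5, 7),
    (6, 6): (6, 6, 9),
    (8, 0): (8, 0, 3),
}


def parse_version(text):
    """Extract (major, minor, patch) from strings such as 'v6.6.8-build1425',
    '8.0.2' or 'FortiAuthenticator 6.5.7'. Raises ValueError if no x.y.z is present."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in m.groups())


def triage(text, fixed=FIXED_VERSIONS):
    """Return 'patched', 'vulnerable' or 'unknown' for one version string.

    'unknown' means the branch is not in the fixed-version table; it must not be
    treated as safe, since the table only covers branches the article names.
    """
    version = parse_version(text)
    branch = version[:2]
    if branch not in fixed:
        return "unknown"
    # Tuple comparison is lexicographic, so (6, 6, 8) < (6, 6, 9) as intended.
    return "patched" if version >= fixed[branch] else "vulnerable"


def triage_inventory(inventory):
    """Map each (hostname, version_string) pair to its triage status."""
    return {host: triage(ver) for host, ver in inventory}


# Constructed sample inventory (hostnames and builds are made up for the example).
SAMPLE_INVENTORY = [
    ("fac-prod-1", "v6.6.8-build1425"),
    ("fac-prod-2", "6.6.9"),
    ("fac-lab", "FortiAuthenticator 8.0.2"),
    ("fac-legacy", "6.4.11"),
    ("fac-new", "8.0.4"),
]

if __name__ == "__main__":
    for host, status in sorted(triage_inventory(SAMPLE_INVENTORY).items()):
        print(f"{host:12} {status}")
```

Feed it the version strings from your asset inventory or from each appliance's GUI/CLI version output; anything reported as `vulnerable` or `unknown` goes on the patch list until confirmed otherwise.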
### FortiSandbox Missing Authorization Weakness
**Fortinet** also addressed a missing authorization weakness (**CVE-2026-26083**) that can be exploited to achieve remote code execution on vulnerable **FortiSandbox** systems. **FortiSandbox** is the company's sandboxing product, which detonates suspicious files and URLs in isolated virtual machines to detect malware that signature-based controls miss, including zero-day threats.
"A missing authorization vulnerability [CWE-862] in **FortiSandbox**, **FortiSandbox** Cloud and **FortiSandbox** PaaS WEB UI may allow an unauthenticated attacker to execute unauthorized code or commands via HTTP requests," the advisory stated.
### Fortinet Vulnerabilities: A Frequent Target
While **Fortinet** has not reported active exploitation of these specific flaws, **Fortinet** vulnerabilities are commonly exploited in ransomware and cyber-espionage attacks, often as zero-days.
For example, in February, **Fortinet** addressed another critical vulnerability (**CVE-2026-21643**) in the **FortiClient** Enterprise Management Server (EMS) platform. Threat intelligence company **Defused** reported active exploitation of this vulnerability a month later.
In early April, the U.S. Cybersecurity and Infrastructure Security Agency (**CISA**) ordered federal agencies to patch **FortiClient** Enterprise Management Server (EMS) instances against an actively exploited authentication bypass flaw (**CVE-2026-35616**).
**CISA** has added 24 **Fortinet** vulnerabilities to its catalog of actively exploited security flaws in recent years, with 13 of those being abused in ransomware attacks.
