High Severity Vulnerabilities in Fortinet Products
16 February 2026
Fortinet has released software updates addressing multiple vulnerabilities in FortiSandbox and FortiOS. Users and administrators of affected products are advised to update to the latest versions immediately.
Background
Fortinet has released software updates addressing vulnerabilities in FortiSandbox (CVE-2025-52436) and FortiOS (CVE-2026-22153).
Impact
Successful exploitation of the vulnerabilities could lead to the following:
CVE-2025-52436: Successful exploitation of this cross-site scripting vulnerability could allow an unauthenticated attacker to execute arbitrary commands via crafted requests.
CVE-2026-22153: Successful exploitation of this authentication bypass vulnerability could allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, when the remote LDAP server is configured in a specific way. This could allow attackers to gain unauthorised access to network resources without valid credentials.
Affected products
The following product versions are affected by the vulnerabilities.
For CVE-2025-52436:
FortiSandbox 5.0.0 through 5.0.1
FortiSandbox 4.4.0 through 4.4.7
All versions of FortiSandbox 4.2
All versions of FortiSandbox 4.0
For CVE-2026-22153:
FortiOS 7.6.0 through 7.6.4
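The version ranges above are what an administrator has to match an asset inventory against. The following triage helper is an added example, not part of the Fortinet advisory: it encodes the listed ranges and flags inventory records that fall inside them. The hostnames and versions in the sample inventory are constructed, and a version outside every listed range is reported as "not listed", not as fixed.

```python
# Affected ranges from this advisory, inclusive; a None patch bound means the whole x.y branch.
AFFECTED = {
    "FortiSandbox": [
        ((5, 0, 0), (5, 0, 1), "CVE-2025-52436"),
        ((4, 4, 0), (4, 4, 7), "CVE-2025-52436"),
        ((4, 2, 0), (4, 2, None), "CVE-2025-52436"),  # all versions of 4.2
        ((4, 0, 0), (4, 0, None), "CVE-2025-52436"),  # all versions of 4.0
    ],
    "FortiOS": [
        ((7, 6, 0), (7, 6, 4), "CVE-2026-22153"),
    ],
}

def parse_version(text):
    """Parse '7.6.3' or 'v7.6.3' into (major, minor, patch); reject anything else."""
    parts = text.strip().lstrip("v").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)

def in_range(ver, low, high):
    """True if ver lies in [low, high]; both bounds share one x.y branch, as every range here does."""
    major, minor, patch = ver
    if (major, minor) != (low[0], low[1]) or patch < low[2]:
        return False
    return high[2] is None or patch <= high[2]

def affected_cves(product, version_text):
    """CVE ids from the advisory that apply to this product/version ([] if none are listed)."""
    ver = parse_version(version_text)
    return sorted({cve for low, high, cve in AFFECTED.get(product, []) if in_range(ver, low, high)})

def triage(inventory):
    """inventory: iterable of (hostname, product, version). Return the hosts needing an update."""
    findings = []
    for host, product, version in inventory:
        cves = affected_cves(product, version)
        if cves:
            findings.append((host, product, version, cves))
    return findings

# Constructed sample inventory; hostnames and versions are illustrative, not real devices.
SAMPLE_INVENTORY = [
    ("fw-edge-01", "FortiOS", "7.6.2"),        # inside the listed range
    ("fw-edge-02", "FortiOS", "7.6.5"),        # not in any listed range
    ("sbx-01", "FortiSandbox", "4.2.6"),       # whole 4.2 branch is listed
    ("sbx-02", "FortiSandbox", "4.4.8"),       # one patch past the listed range
    ("sbx-03", "FortiSandbox", "v5.0.1"),      # upper bound, inclusive
]

if __name__ == "__main__":
    for host, product, version, cves in triage(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} is affected by {', '.join(cves)}")
```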
Recommendation
Users and administrators of affected products are advised to update to the latest versions immediately. For FortiSandbox 4.0 and 4.2, migrate to a fixed release.
References
https://fortiguard.fortinet.com/psirt/FG-IR-25-093
https://fortiguard.fortinet.com/psirt/FG-IR-25-1052
