FORTINET: Security Advisory: OTP Disclosure Risk in FortiTokenAndroid
FORTINET Security Advisory Published Date: May 12, 2026 Advisory Summary Fortinet has disclosed a security vulnerability in its FortiTokenAndroid application identified as CWE-926, related to the improper exportation of Android application components. This flaw potentially allows other applications on the same device to access one-time password (OTP) codes through an exported Content Provider URI. The […]
FORTINET: 🛑 OS Command Injection in FortiAP CLI
FORTINET Security Advisory Published Date: May 12, 2026 Advisory Summary Fortinet has disclosed a critical OS command injection vulnerability (CWE-78) impacting the CLI interface of FortiAP and FortiAP-W2 access points. With a CVSSv3 score of 6.5, this flaw allows authenticated attackers to execute unauthorized system commands by leveraging a specially crafted CLI input. This presents […]
FORTINET: 📅 Published on May 12, 2026
FORTINET Security Advisory Published Date: May 12, 2026 Advisory Summary Critical Authorization Vulnerability in FortiSandbox Ecosystem. Fortinet has disclosed a severe security flaw (CWE-862) impacting FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS Web UI. The vulnerability stems from missing authorization checks, which could allow unauthenticated attackers to execute unauthorized commands or code through crafted HTTP […]
FORTINET: 📅 Published on May 12, 2026
FORTINET Security Advisory Published Date: May 12, 2026 Advisory Summary Critical Security Alert: Improper Access Control in FortiAuthenticator API Endpoints. Fortinet has disclosed a critical security vulnerability in FortiAuthenticator identified as an Improper Access Control issue (CWE-284) with a high CVSSv3 score of 9.1. This flaw permits unauthenticated attackers to send specially crafted […]
FORTINET: 🛡️ Security Advisory: Hardcoded Encryption Key Vulnerability in FortiClient Windows VPN
FORTINET Security Advisory Published Date: May 12, 2026 Advisory Summary Fortinet has disclosed a security issue impacting FortiClient for Windows, involving a Missing Authorization vulnerability classified as CWE-862. This flaw permits an authenticated local attacker to decrypt VPN passwords currently saved on the device by exploiting an unprotected DLL function. The vulnerability carries a CVSSv3 […]
FORTINET: ❗️ Security Advisory: Denial of Service (DoS) Vulnerability in FortiAnalyzer and FortiManager APIs
FORTINET Security Advisory Published Date: May 12, 2026 Advisory Summary A Medium-severity vulnerability (CVSSv3 score 5.2) identified as a use of a potentially dangerous function (CWE-676) impacts FortiAnalyzer and FortiManager products. Authenticated attackers can exploit this flaw by sending multiple specially crafted HTTP requests, potentially causing system hangs and crashes due to unsafe handling of […]
FORTINET: ❗️ Command Injection in FortiAP CLI Interfaces
FORTINET Security Advisory Published Date: May 12, 2026 Advisory Summary Fortinet has disclosed a significant security vulnerability rated 6.1 on the CVSSv3 scale affecting FortiAP models, including FortiAP, FortiAP-U, and FortiAP-W2. This OS Command Injection flaw (CWE-78) resides in the Command Line Interface (CLI) of these devices. It allows an authenticated user with privileged access […]
FORTINET: ❗️ Security Advisory: Arbitrary Log File Read Vulnerability in FortiDeceptor WEB UI
FORTINET Security Advisory Published Date: May 12, 2026 Advisory Summary Fortinet has disclosed a vulnerability rated with a CVSSv3 score of 4.0 involving an Improper Neutralization of Argument Delimiters in a Command, classified as Argument Injection (CWE-88). This issue affects the FortiDeceptor administrative web interface and could allow an authenticated attacker, even with only read-only […]
FORTINET: 📅 Published on May 13, 2026
FORTINET Security Advisory Published Date: May 13, 2026 CVE: CVE-2026-31431 Advisory Summary Linux Kernel Vulnerability CVE-2026-31431 Resolved: Key Security Fix for Crypto AEAD Module. Fortinet has announced the resolution of a significant vulnerability in the Linux kernel’s cryptographic subsystem, identified as CVE-2026-31431, with a CVSSv3 score of 7.8, categorizing it as a high-severity […]
ORACLE: 📅 Published on May 28, 2026
ORACLE Security Advisory Published Date: May 28, 2026 Advisory Summary Oracle has released its May 2026 Critical Security Patch Update (CSPU), addressing multiple high-severity vulnerabilities that could potentially impact enterprise infrastructure and data center systems. This update targets a broad range of Oracle products, including database systems, middleware, and cloud infrastructure solutions. Fixes for critical […]