ctipilot.ch

CVE-2026-44277 / CVE-2026-26083 — Fortinet FortiAuthenticator and FortiSandbox unauthenticated RCE

notable vulnerability discovered 2026-05-11 05:00 UTC

Part of run 2026-W20-71c96b25 (weekly · Claude Opus 4.7)

Fortinet's 2026-05-13 PSIRT batch addresses two unauthenticated remote-code-execution flaws in management-plane Fortinet appliances that are common in Swiss federal and cantonal estates. CVE-2026-44277 (FortiAuthenticator, the SAML / RADIUS / 802.1X identity broker) and CVE-2026-26083 (FortiSandbox, the malware-analysis appliance) are both pre-authentication, network-reachable and rated CVSS ≥ 9. The daily brief of 2026-05-13 confirmed that patched builds are available; no in-the-wild (ITW) exploitation had been reported at week-end.

Operational implication: FortiAuthenticator sits at the centre of identity-broker trust chains in many public-sector network architectures, so a compromised FortiAuthenticator yields cross-domain credential-issuance capability that is materially worse than a typical RCE. Patch state should therefore be verified explicitly on every FortiAuthenticator deployment (Fortinet PSIRT FG-IR-26-128 / FG-IR-26-136; daily 2026-05-13).

Tags: vulnerabilities, pre-auth, rce, patch-available, global, CVE-2026-44277, CVE-2026-26083