The flaw is linked to the exploitation of older Fortinet firewall vulnerabilities – CVE-2022-42475, CVE-2023-27997, and CVE-2024-21762 – and requires that the attacker first compromise the target product via a different security defect.

“This vulnerability can only be abused as a consequence of a threat actor exploiting a known vulnerability to implement read-only access to vulnerable FortiGate devices, at file system level. Products that never had SSL-VPN enabled are not impacted by this issue,” Fortinet explains.

The company’s fresh round of fixes came out only four days after a critical SQL injection flaw, tracked as CVE-2026-21643 (CVSS score of 9.1), was addressed in FortiClientEMS. The issue could be exploited remotely, without authentication, for arbitrary code execution via crafted HTTP requests.

Fortinet makes no mention of any of these vulnerabilities being exploited in the wild, but users are advised to patch them as soon as possible. Additional information can be found on the company’s PSIRT advisories page.
Ionut Arghire is an international correspondent for SecurityWeek.
Source: SecurityWeek