- Last update: 13/05/2026
- Affected software:
→ FortiSandbox 5.0, 4.4
→ FortiSandbox Cloud 24, 23, 5.0
→ FortiSandbox PaaS 23.4, 23.3, 23.1, 22.2, 22.1, 21.4, 21.3, 5.0, 4.4
→ FortiOS 7.6, 7.4, 7.2
→ FortiAP 7.6, 7.4, 7.2, 6.4 and FortiAP-W2 7.4, 7.2
→ FortiAnalyzer 7.6.0 - 7.6.4, 7.4.0 - 7.4.8, 7.2
→ FortiManager 7.6.0 - 7.6.4, 7.4.0 - 7.4.8, 7.2
- Type:
→ CWE-862: Missing Authorization
→ CWE-787: Out-of-bounds Write
→ CWE-78: OS Command Injection
→ CWE-676: Use of Potentially Dangerous Function
- CVE/CVSS:
→ CVE-2026-26083: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
→ CVE-2025-53844: CVSS 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
→ CVE-2025-53870: CVSS 6.7 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
→ CVE-2025-53680: CVSS 6.7 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
→ CVE-2025-67604: CVSS 5.3 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)
Fortinet - https://www.fortiguard.com/psirt/FG-IR-26-136
Fortinet - https://www.fortiguard.com/psirt/FG-IR-26-123
Fortinet - https://www.fortiguard.com/psirt/FG-IR-26-133
Fortinet - https://www.fortiguard.com/psirt/FG-IR-26-131
Fortinet - https://www.fortiguard.com/psirt/FG-IR-26-137
On May 12th, 2026, Fortinet published five advisories about five vulnerabilities affecting several of its products: FortiSandbox (CVE-2026-26083), FortiOS (CVE-2025-53844), FortiAP (CVE-2025-53870, CVE-2025-53680), FortiAnalyzer (CVE-2025-67604) and FortiManager (CVE-2025-67604).
CVE-2026-26083, CVE-2025-53844, and CVE-2025-67604 can be exploited by a network-based attacker, while CVE-2025-53870 and CVE-2025-53680 can only be exploited locally.
None of those five vulnerabilities have been actively exploited in the wild and there is no public proof of concept, as of the writing of this advisory (2026-05-13).
Exploiting CVE-2026-26083, CVE-2025-53844, CVE-2025-53870 or CVE-2025-53680 can have a high impact on all aspects of the CIA triad.
Exploiting CVE-2025-67604 can have a high impact on Availability but no impact on the Confidentiality or Integrity of the affected system.
· CVE-2026-26083: A remote, unauthenticated attacker without any privileges or user interaction can exploit this critical vulnerability in the GUI of FortiSandbox to use HTTP requests to execute unauthorized code. This vulnerability stems from missing authorization.
· CVE-2025-53844: A remote, authenticated attacker with low privileges and without user interaction can use custom crafted packets to exploit this high criticality vulnerability in the capwap daemon of FortiOS to gain execution privileges on the FortiGate device and execute unauthorized code. This vulnerability stems from an out-of-bounds write.
· CVE-2025-53870, CVE-2025-53680: An authenticated attacker in the local network can use specially crafted CLI commands to exploit one of these two medium criticality vulnerabilities in FortiAP and FortiAP-W2 to elevate their privileges and execute commands without authorization. These vulnerabilities stem from improper neutralization of special elements used in an OS command.
· CVE-2025-67604: A remote, authenticated attacker can use custom HTTP requests to exploit this medium criticality vulnerability in FortiManager API and FortiAnalyzer to make the system crash and cause a Denial of Service. This can only occur if there is an alignment of internal locks, which is not controllable by the attacker. This vulnerability stems from the use of a potentially dangerous function.
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
· CVE-2026-26083: Please upgrade FortiSandbox to 5.0.2, 4.4.9 or above; FortiSandbox Cloud to a fixed release, or to 5.0.6 or above; and FortiSandbox PaaS to a fixed release, to 5.0.2, or to 4.4.9 or above.
· CVE-2025-53844: Please update to FortiOS 7.6.4, 7.4.9, 7.2.12 or above.
· CVE-2025-53870, CVE-2025-53680: Please update to FortiAP 7.6.3, 7.4.6, FortiAP-W2 7.4.5, 7.2.6 or above.
· CVE-2025-67604: Please update to FortiAnalyzer 7.6.5, 7.4.9, FortiManager 7.6.5, 7.4.9 or above.
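An inventory triage check built from the version lists in this advisory, added here as an example and not CCB or Fortinet code. It assumes each fixed release applies to the affected branch with the same major.minor number; the hostnames and inventory rows are constructed, and FortiSandbox Cloud and PaaS are left out because the page does not give a fixed version for each of their branches.

```python
# Added example. Branch lists are transcribed from "Affected software" and "Patch"
# in this advisory; pairing each fix with its major.minor branch is an assumption.
AFFECTED = {
    "FortiSandbox": {"5.0", "4.4"},
    "FortiOS": {"7.6", "7.4", "7.2"},
    "FortiAP": {"7.6", "7.4", "7.2", "6.4"},
    "FortiAP-W2": {"7.4", "7.2"},
    "FortiAnalyzer": {"7.6", "7.4", "7.2"},
    "FortiManager": {"7.6", "7.4", "7.2"},
}
FIXED = {
    "FortiSandbox": {"5.0": "5.0.2", "4.4": "4.4.9"},
    "FortiOS": {"7.6": "7.6.4", "7.4": "7.4.9", "7.2": "7.2.12"},
    "FortiAP": {"7.6": "7.6.3", "7.4": "7.4.6"},
    "FortiAP-W2": {"7.4": "7.4.5", "7.2": "7.2.6"},
    "FortiAnalyzer": {"7.6": "7.6.5", "7.4": "7.4.9"},
    "FortiManager": {"7.6": "7.6.5", "7.4": "7.4.9"},
}

def parse(version):
    """'7.2.12' -> (7, 2, 12), so 7.2.12 sorts after 7.2.9 (string compare would not)."""
    return tuple(int(part) for part in version.strip().split("."))

def triage(product, version):
    """Return (status, fixed_release_or_None) for one product/version pair."""
    if product not in AFFECTED:
        return ("unknown-product", None)
    v = parse(version)
    branch = ".".join(str(n) for n in v[:2])
    if branch not in AFFECTED[product]:
        return ("branch-not-listed", None)      # the advisory does not mention it
    fixed = FIXED[product].get(branch)
    if fixed is None:
        return ("no-fix-listed", None)          # affected, but no fix named on this page
    return ("patched" if v >= parse(fixed) else "vulnerable", fixed)

# Constructed sample inventory; hostnames are hypothetical.
INVENTORY = [
    ("fw-edge-01", "FortiOS", "7.4.8"),
    ("fw-core-02", "FortiOS", "7.2.12"),
    ("sbx-01", "FortiSandbox", "4.4.10"),
    ("ap-lobby", "FortiAP", "6.4.3"),
    ("faz-01", "FortiAnalyzer", "7.6.5"),
]

def report(inventory):
    """One row per host: (host, product, version, status, fixed_release_or_None)."""
    return [(host, product, ver) + triage(product, ver) for host, product, ver in inventory]

if __name__ == "__main__":
    for row in report(INVENTORY):
        print(*row, sep="\t")
```

A `no-fix-listed` result means the branch appears under affected software but this page names no fixed release for it, so the vendor advisory has to be consulted for that branch.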
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.
While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.
NIST - https://nvd.nist.gov/vuln/detail/CVE-2026-26083
NIST - https://nvd.nist.gov/vuln/detail/CVE-2025-53844
NIST - https://nvd.nist.gov/vuln/detail/CVE-2025-53870
NIST - https://nvd.nist.gov/vuln/detail/CVE-2025-53680
NIST - https://nvd.nist.gov/vuln/detail/CVE-2025-67604