Fortinet Patches Critical RCE Flaws in FortiSandbox and FortiAuthenticator

Fortinet has released patches for two critical vulnerabilities in FortiSandbox and FortiAuthenticator. Both flaws could allow attackers to execute commands or arbitrary code remotely. FortiAuthenticator is commonly deployed as part of RADIUS and single sign-on infrastructure, making it a high-value target in enterprise environments. Patches are available in the May 2026 Fortinet security advisories. Organizations should prioritize these updates, particularly for any FortiAuthenticator instance reachable from untrusted networks.