Fortinet and Ivanti patched 18 critical vulnerabilities on Tuesday, including two critical-severity flaws that allow unauthenticated remote code execution. Both companies say they have no evidence of in-the-wild exploitation, though Ivanti warns that artificial intelligence models are accelerating vulnerability discovery to the point where traditional patch cycles may be too slow.
The timing matters because Ivanti disclosed a separate remote code execution flaw just last week that attackers were already exploiting in limited campaigns before the patch existed.
The Fortinet Fixes Target Authentication Bypasses
Fortinet’s two critical vulnerabilities both carry CVSS scores of 9.1 and allow unauthenticated attackers to execute code remotely. CVE-2026-44277 affects FortiAuthenticator’s access control mechanism, according to SecurityWeek, while CVE-2026-26083 hits FortiSandbox platforms through missing authorization checks. Both can be exploited by sending crafted HTTP requests to vulnerable appliances.
FortiAuthenticator serves as the central authentication hub for RADIUS, LDAP and SAML across enterprise networks, according to CSO Online. A successful attack on these systems could give attackers administrative access to the entire authentication infrastructure. FortiSandbox processes potentially malicious files for threat analysis, making it another high-value target for attackers seeking to understand an organization’s security detection capabilities.
Fortinet also patched a high-severity out-of-bounds write vulnerability in FortiOS (CVE-2025-53844) that affects the CAPWAP daemon used to manage wireless access points. This flaw requires an attacker to control an access point endpoint but could lead to remote code execution on FortiGate devices.
The CVE numbers suggest Fortinet discovered these flaws months ago: CVE-2026 designations were assigned for 2026 vulnerabilities, indicating internal discovery processes that can take substantial time to work through responsible disclosure.
AI Models Are Finding Flaws Traditional Scanners Miss
Ivanti’s May security update covers vulnerabilities in four products: Secure Access Client, Xtraction, Virtual Traffic Manager and Endpoint Manager. The most severe, CVE-2026-8043 in Xtraction, allows authenticated attackers to read sensitive server files and write arbitrary HTML to web directories, a combination that enables stored cross-site scripting or web shell deployment.
But Ivanti’s disclosure includes a significant operational detail. The company has integrated multiple large language models into its product security workflow and is finding vulnerabilities that static and dynamic analysis tools routinely miss. “We have already successfully identified vulnerabilities which traditional tools missed, including some of those disclosed today,” Ivanti stated in its security blog.
The company expects ‘an increase in vulnerability disclosures’ as these AI tools mature and integrate further into development processes. That is both reassuring and concerning: it suggests more comprehensive security testing, but also signals that current patch volumes may be artificially low because traditional tooling simply cannot find everything that exists.
The Exploitation Timeline Is Compressing
Ivanti’s warning about AI acceleration comes with recent evidence to back it up. Last week the company disclosed CVE-2026-6973, a remote code execution flaw in Endpoint Manager Mobile that was being exploited in ‘very limited’ attacks before any patch existed. CISA added that vulnerability to its Known Exploited Vulnerabilities catalogue within days, according to The Hacker News.
Cybersecurity News reported that SQL injection vulnerabilities in web consoles like Ivanti’s EPM are “well-documented, easy to weaponise and frequently targeted by ransomware operators and nation-state actors alike.” The publication noted that Fortinet infrastructure has been added to CISA’s KEV catalogue 24 times, with 13 of those vulnerabilities actively used in ransomware attacks.
That track record suggests organizations should not wait for evidence of exploitation before patching. The window between disclosure and weaponization is narrowing, particularly for products that sit at network perimeters or handle authentication functions.
What to Patch First
Priority one is Fortinet’s CVE-2026-44277 and CVE-2026-26083. Both are remotely exploitable without authentication and affect systems that typically have broad network access. FortiAuthenticator patches are available in versions 6.5.7, 6.6.9 and 8.0.3. FortiSandbox fixes vary by product version and deployment type.
Ivanti’s CVE-2026-8043 in Xtraction requires authentication but enables file read/write access that can be chained with other attacks. The fix is in Xtraction version 2026.2.
Both vendors have published detailed security advisories with version-specific patch guidance. Apply the updates during your next maintenance window if these systems are not internet-facing. If they are externally accessible, patch immediately.
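The patch guidance above can be applied to an asset inventory with a short script. This is an added example, not code from Fortinet, Ivanti or the article; the inventory rows are constructed, and it assumes that a build in one of the listed release branches below that branch's fixed level is unpatched, since the article gives fixed versions but not affected ranges.

```python
# Fixed releases as stated in the article. FortiAuthenticator fixes are per
# release branch (major.minor); Xtraction has a single fixed release.
FIXED = {
    "FortiAuthenticator": {(6, 5): (6, 5, 7), (6, 6): (6, 6, 9), (8, 0): (8, 0, 3)},
    "Xtraction": {None: (2026, 2)},
}
CVES = {"FortiAuthenticator": "CVE-2026-44277", "Xtraction": "CVE-2026-8043"}


def parse(version):
    """'6.5.3' -> (6, 5, 3); raises ValueError on non-numeric parts."""
    return tuple(int(p) for p in version.strip().split("."))


def triage(product, version, internet_facing):
    """Return (status, action) for one inventory row."""
    branches = FIXED.get(product)
    if branches is None:
        return ("unknown", "product not covered here; check the vendor advisory")
    try:
        v = parse(version)
    except ValueError:
        return ("unknown", "unparseable version; check the vendor advisory")
    # Assumption: a build is compared only against the fix for its own branch.
    fixed = branches.get(None) or branches.get(v[:2])
    if fixed is None:
        return ("unknown", "no fixed release listed for this branch; check the vendor advisory")
    # Pad so that '2026.2' and '2026.2.0' compare equal.
    width = max(len(v), len(fixed))
    pad = lambda t: t + (0,) * (width - len(t))
    if pad(v) >= pad(fixed):
        return ("patched", "none")
    target = ".".join(map(str, fixed))
    # Article's rule: externally accessible systems are patched immediately.
    when = "patch immediately" if internet_facing else "patch in next maintenance window"
    return ("vulnerable", f"{when}: upgrade to {target} or later ({CVES[product]})")


# Constructed inventory rows: (host, product, version, internet_facing).
INVENTORY = [
    ("auth-01", "FortiAuthenticator", "6.5.6", True),
    ("auth-02", "FortiAuthenticator", "6.6.9", False),
    ("auth-03", "FortiAuthenticator", "6.4.10", False),
    ("rpt-01", "Xtraction", "2026.1", False),
]

if __name__ == "__main__":
    for host, product, version, exposed in INVENTORY:
        print(host, product, version, *triage(product, version, exposed))
```

FortiSandbox is deliberately left out of the table because the article says its fixes vary by product version and deployment type; such rows come back as "unknown" so they are checked against the vendor advisory.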
References
- Fortinet, Ivanti Patch Critical Vulnerabilities
- Fortinet fixes two critical RCE flaws in FortiAuthenticator and FortiSandbox
- Ivanti Patches Multiple Vulnerabilities in Secure Access, Xtraction, vTM and Endpoint Manager
- Ivanti May 2026 Security Update
- Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation