Fortinet has released a new batch of security advisories addressing multiple vulnerabilities across its enterprise security ecosystem, including FortiSwitch, FortiManager, FortiAnalyzer, and FortiSandbox Cloud. The most critical issue could allow attackers on the same network to execute unauthorized code on affected devices.

The vulnerabilities were disclosed on March 10, 2026, through Fortinet’s Product Security Incident Response Team (PSIRT). According to the official advisory, one flaw carries a CVSS score of 7.7 and could lead to remote command execution via crafted network packets.

The advisories highlight how infrastructure components such as network switches, management consoles, and analytics platforms remain high-value targets for attackers seeking lateral movement inside corporate environments.

High-Severity FortiSwitch Vulnerability Could Enable Remote Code Execution

The most serious vulnerability identified is CVE-2026-22627, a classic buffer overflow vulnerability affecting FortiSwitchAXFixed devices.

The flaw occurs within the LLDP OUI field, a component of the Link Layer Discovery Protocol used for network device communication. According to Fortinet’s advisory, an attacker located on the same adjacent network could exploit the vulnerability by sending a crafted LLDP packet, potentially executing unauthorized commands on the device.

Affected versions include:

• FortiSwitchAXFixed 1.0.0 – 1.0.1

Fortinet recommends upgrading immediately to version 1.0.2 or later to mitigate the issue.

Authentication and MFA Bypass Vulnerabilities Discovered

Fortinet also disclosed multiple vulnerabilities affecting FortiManager and FortiAnalyzer, two core platforms used by enterprises and managed service providers to monitor and control network security infrastructure.

One vulnerability (CVE-2026-22572) could allow attackers who already know an administrator’s password to bypass multi-factor authentication by sending specially crafted requests to the GUI interface.

Affected versions include several releases across FortiManager and FortiAnalyzer platforms.

Upgrading to patched versions such as:

• FortiManager 7.6.4+
• FortiAnalyzer 7.6.4+

is required to remediate the issue.

Race Condition Could Bypass Brute-Force Protection

Another flaw (CVE-2026-22629) involves an authentication lockout bypass caused by a race condition.

The vulnerability allows attackers to bypass brute-force protection mechanisms by sending multiple concurrent authentication attempts.

While the vulnerability has a lower CVSS score (3.4), it could weaken defenses against credential-based attacks when combined with other exploitation techniques.

TLS Validation Flaw Could Enable Man-in-the-Middle Attacks

Fortinet also reported CVE-2025-68482, a vulnerability caused by improper TLS certificate validation during initial SSO authentication.

This flaw could allow attackers to intercept sensitive information via a man-in-the-middle attack, particularly during the initial registration process with FortiCloud.

Affected versions include multiple releases of FortiManager and FortiAnalyzer.

Additional Vulnerabilities Affect FortiSandbox and CLI Access

Several other issues were disclosed as part of the advisory batch:

OS Command Injection in FortiSandbox Cloud

A vulnerability (CVE-2026-25836) could allow a privileged administrator to execute unauthorized commands through crafted HTTP requests in the vmimages update feature.

Fortinet confirmed the issue has already been remediated in FortiSandbox Cloud 5.0.5.

Privilege Escalation via Hidden CLI Command

Another vulnerability (CVE-2025-48418) involves undocumented CLI functionality that could allow a read-only admin with CLI access to escalate privileges.

SSH Configuration Command Execution

A separate flaw affecting FortiSwitchAXFixed could allow authenticated administrators to bypass shell command restrictions by modifying SSH configuration files.

Why This Matters for Enterprise Security

These vulnerabilities highlight a growing trend: network infrastructure tools themselves are increasingly becoming targets for attackers.

Security platforms like FortiManager and FortiAnalyzer often hold:

• network configurations
• device credentials
• security policy rules
• log analytics and threat data

If compromised, attackers could gain deep visibility into enterprise networks or pivot into other critical systems.

Organizations relying on integrated security architectures must treat management platforms as high-value assets requiring strict protection.

For organizations seeking advanced cybersecurity advisory and infrastructure protection, expert support from Saintynet Cybersecurity can help assess exposure and strengthen defenses. Security awareness and technical training programs are also available.

10 Recommended Security Actions

Security teams should take the following steps immediately:

1. Apply Fortinet patches and upgrades for all affected systems.
2. Audit FortiManager and FortiAnalyzer access logs for unusual activity.
3. Review administrative accounts and permissions.
4. Enable strong multi-factor authentication policies.
5. Segment management interfaces from production networks.
6. Monitor LLDP traffic on network infrastructure.
7. Implement strict credential rotation policies.
8. Conduct vulnerability scanning across network devices.
9. Disable unused CLI or SSH access paths.
10. Provide cybersecurity awareness training to IT teams through trusted platforms.

Organizations can also explore related cybersecurity insights and threat intelligence on CyberCory.com, where similar infrastructure security topics are regularly covered.

Conclusion

Fortinet’s latest PSIRT advisory underscores the importance of proactive vulnerability management across enterprise security infrastructure.

While some of the disclosed vulnerabilities require privileged access, others – such as the FortiSwitch buffer overflow flaw – could potentially allow attackers on adjacent networks to execute unauthorized commands.

The release of patches provides a clear remediation path, but organizations must act quickly to reduce exposure.

As cyber threats continue targeting network management platforms, maintaining strong patch management, access controls, and continuous monitoring will remain critical to protecting modern enterprise environments.

CyberCory will continue monitoring new vulnerability disclosures and provide updates as further exploitation activity or mitigation guidance emerges.