Affected Vendors This Week
- Fortinet: 27 CVEs (2 critical, 5 high, 20 medium)
- Cisco: 15 CVEs (4 critical, 1 high, 10 medium)
- ASUS: 2 CVEs (2 none/informational)
- Palo Alto Networks: 2 CVEs (2 none/informational)
- TP-Link: 1 CVE (1 none/informational)
This week brings a significant spike in router and network security vulnerabilities, with 47 new CVEs reported across major vendors. Two vendors — Fortinet and Cisco — dominate the list with critical-severity flaws that demand immediate attention from network administrators and MSPs.
Critical Issues: Cisco and Fortinet Lead
Cisco Identity Services Engine (ISE) is experiencing a rough week with three critical remote code execution vulnerabilities affecting authenticated users. CVE-2026-20180, CVE-2026-20186, and CVE-2026-20147 all carry a CVSS score of 9.9 and allow an authenticated attacker to execute arbitrary commands on the underlying operating system. If ISE is exposed to untrusted networks or users, this represents a severe risk. Additionally, CVE-2026-20184 (CVSS 9.8) in Cisco Webex Services SSO integration is particularly dangerous because it allows unauthenticated remote attackers to impersonate any user — a complete authentication bypass.
Action item: Check your Cisco ISE and Webex deployments immediately and apply security patches. Restrict ISE access to trusted network segments if patches are not yet available.
Fortinet FortiSandbox faces two critical vulnerabilities in versions 4.4.0–4.4.8 and 5.0.0–5.0.5. CVE-2026-39813 (CVSS 9.8) is a path traversal flaw enabling privilege escalation, while CVE-2026-39808 (CVSS 9.8) is an OS command injection vulnerability allowing unauthorized code execution. Both require immediate patching.
Beyond these, Fortinet's broader product line — including FortiDDoS-F, FortiAnalyzer Cloud, FortiManager Cloud, FortiSOAR, and FortiWeb — collectively account for 27 CVEs this week. While most fall into the medium severity range, the concentration of flaws across multiple Fortinet products suggests systemic validation and sanitization gaps in their codebase.
Fortinet's 27-CVE Burden
Nearly 60% of this week's CVE load belongs to Fortinet, spanning diverse product categories. Key high-severity issues include:
- CVE-2026-39815 (CVSS 8.8): SQL injection in FortiDDoS-F 7.2.1–7.2.2
- CVE-2026-22828 (CVSS 8.1): Heap-based buffer overflow in FortiAnalyzer and FortiManager Cloud 7.6.2–7.6.4
- CVE-2026-23708 (CVSS 7.5): Authentication bypass in FortiSOAR (both PaaS and on-premise) across versions 7.5.0–7.6.3
- CVE-2026-40688 (CVSS 7.2): Out-of-bounds write in FortiWeb 7.4.0–8.0.3
- CVE-2025-61848 (CVSS 7.2): SQL injection in FortiAnalyzer 7.6.0–7.6.4
Organizations running Fortinet solutions should prioritize patches for critical and high-severity CVEs, particularly if these products are internet-facing or handle sensitive data. The prevalence of injection flaws (SQL, OS command) suggests reviewing input validation across your Fortinet stack.
Cisco's Secondary Threat
Cisco's 15 CVEs include those critical ISE and Webex issues mentioned above. The remaining 10 are mostly medium-severity flaws in Cisco Unity Connection, Webex Contact Center, and other collaboration products. While less severe than the authentication bypass, CVE-2026-20078 and CVE-2026-20081 (both CVSS 6.5) allow authenticated attackers to download arbitrary files from Unity Connection — a potential data exfiltration vector.
Minor Vendors and Informational Flaws
ASUS, Palo Alto Networks, and TP-Link each reported low or no-severity CVEs this week. CVE-2026-3428 and CVE-2026-1880 in ASUS systems relate to local privilege escalation; CVE-2026-5363 in TP-Link Archer C7 involves password recovery via weak encryption. These pose limited immediate risk for network administrators but may be relevant for endpoint hardening discussions.
Recommendations
- Immediate: Update Cisco ISE and Webex deployments; patch Fortinet FortiSandbox if in use
- This week: Assess exposure of Fortinet products (FortiDDoS-F, FortiAnalyzer, FortiSOAR, FortiWeb) and apply high-severity patches
- Ongoing: Implement network segmentation to limit access to management interfaces; monitor vendor security advisories for patch releases