CVE

CVE-2023-27997

2field notes · 0digests

Field notes

Analysis · May 10, 2026 · The Commentary Desk
Array Networks patched in a week and forgot to build a security program
CVE-2023-28461 is a CVSS 9.8 auth bypass on an SSL VPN that Earth Kasha was already exploiting. The fix shipped fast. The disclosure infrastructure around it doesn't exist.
Analysis · May 8, 2026 · The Commentary Desk
Five critical Fortinet CVEs in 28 months is not a streak of bad luck
Three heap overflows, two auth bypasses, all pre-auth, all ransomware-linked. The pattern in FortiOS and FortiProxy is structural, and patching alone has not been enough to remove attacker access.