We usually worry about employees opening emails containing viruses or visiting suspicious websites. But what happens when the threat comes from the very software used by the IT department to manage the network?
In 2026, we witnessed a wave of critical vulnerabilities in extremely popular infrastructure software, such as pgAdmin, Plesk, and Fortinet equipment. At Altanet Craiova, we know that a âholeâ in these programs is like leaving the right key in the door to the server room.
Top 3 Vulnerabilities Targeting Corporate Infrastructure
Hackers are now targeting the "brain" of the network directly. Here are the riskiest targets identified recently:
1. pgAdmin (Databases)
pgAdmin is the most widely used tool for managing PostgreSQL databases. Recently, vulnerabilities were discovered that allow attackers to execute code remotely if the pgAdmin server is exposed to the internet.
The risk: Hackers can steal or delete the companyâs entire database without needing the administrator password.
2. Plesk (Web Hosting)
Plesk is the control panel used by thousands of companies to host their websites. A recent XSS (Cross-Site Scripting) vulnerability combined with root privileges can give attackers full control over all websites on that server.
Risk: Your website could be replaced with phishing pages or used to attack other customers.
3. Fortinet (Network Security)
Fortinetâs VPN and firewall equipment are the guardians of your network. However, âRemote Code Executionâ vulnerabilities discovered in their operating system (FortiOS) allow hackers to cut through the firewall like a knife through butter.
The risk: Attackers enter your internal network and can install ransomware unhindered, even if you have a VPN enabled.
How do you âpatchâ your infrastructure?
The solution isnât to abandon these tools (theyâre industry standard), but to manage them properly:
- Do not expose admin panels to the internet: The golden rule. pgAdmin or the Plesk login page must not be directly accessible from a browser, from anywhere. Hide them behind a VPN.
- Aggressive Patch Management: For security equipment (Fortinet), updates must be applied within 24 hours of the patchâs release. Hackers automatically scan the internet for outdated equipment.
- Log Monitoring: Periodically check who has logged into the admin panels. If you see a login from Brazil at 4 a.m., you have a problem.
To stay up to date on the latest discovered vulnerabilities and necessary patches, we recommend consulting the security bulletins from CISA (Cybersecurity & Infrastructure Security Agency).
Conclusion
Just because you use professional software doesnât make you immune. On the contrary, these powerful tools require even greater responsibility. An outdated server is a ticking time bomb.
Do you need a network equipment check or a secure server update? Our team offers maintenance and proactive IT services. Visit our contact page and let the professionals take care of your infrastructure.
This material is part of Altanetâs educational series on digital security. Want to know what other risks youâre facing this year? See the complete list of cyber threats for 2026.
