Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
1002 vulnerabilities
CVE-2026-40688 (GCVE-0-2026-40688)
Vulnerability from cvelistv5 – Published: 2026-04-14 22:35 – Updated: 2026-04-16 03:55
VLAI?
Summary
An out-of-bounds write vulnerability [CWE-787] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow a remote privileged attacker to execute arbitrary code or command via crafted HTTP requests.
Severity ?
CWE
- CWE-787 - Execute unauthorized code or commands
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiWeb |
Affected:
8.0.0 , ≤ 8.0.3
(semver)
Affected: 7.6.0 , ≤ 7.6.6 (semver) Affected: 7.4.0 , ≤ 7.4.11 (semver) cpe:2.3:a:fortinet:fortiweb:8.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:8.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:8.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:8.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.6.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.6.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.6.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.6.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40688",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T03:55:18.342Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortiweb:8.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:8.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:8.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:8.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.6.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.6.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.6.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiWeb",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "8.0.3",
"status": "affected",
"version": "8.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.6.6",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.11",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds write vulnerability [CWE-787] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow a remote privileged attacker to execute arbitrary code or command via crafted HTTP requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T08:53:24.743Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-127",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-127"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiWeb version 8.0.4 or above\nUpgrade to FortiWeb version 7.6.7 or above\nUpgrade to FortiWeb version 7.4.12 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2026-40688",
"datePublished": "2026-04-14T22:35:15.438Z",
"dateReserved": "2026-04-14T22:32:07.399Z",
"dateUpdated": "2026-04-16T03:55:18.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-61624 (GCVE-0-2025-61624)
Vulnerability from cvelistv5 – Published: 2026-04-14 15:39 – Updated: 2026-04-14 16:46
VLAI?
Summary
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [CWE-22] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.7.0, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.11, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiSwitchManager 7.2.0 through 7.2.7, FortiSwitchManager 7.0.0 through 7.0.6 may allow an authenticated attacker with admin profile and at least read-write permissions to write or delete arbitrary files via specific CLI commands.
Severity ?
CWE
- CWE-22 - Escalation of privilege
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Fortinet | FortiOS |
Affected:
7.6.0 , ≤ 7.6.4
(semver)
Affected: 7.4.0 , ≤ 7.4.9 (semver) Affected: 7.2.0 , ≤ 7.2.13 (semver) Affected: 7.0.0 , ≤ 7.0.19 (semver) Affected: 6.4.0 , ≤ 6.4.16 (semver) cpe:2.3:o:fortinet:fortios:7.6.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:* |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-61624",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T16:16:14.420673Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T16:46:14.073Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:fortinet:fortios:7.6.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiOS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.4",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.9",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.13",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.19",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.16",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortiproxy:7.6.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.16:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.15:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiProxy",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.4",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.11",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.16",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.23",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortiswitchmanager:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiswitchmanager:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiswitchmanager:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiswitchmanager:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiswitchmanager:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiswitchmanager:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiswitchmanager:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiswitchmanager:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiswitchmanager:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiswitchmanager:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiswitchmanager:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiswitchmanager:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiswitchmanager:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiswitchmanager:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiswitchmanager:7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSwitchManager",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.2.7",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.6",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:fortinet:fortipam:1.7.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.6.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.6.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiPAM",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "1.7.0"
},
{
"lessThanOrEqual": "1.6.2",
"status": "affected",
"version": "1.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.5.1",
"status": "affected",
"version": "1.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.4.3",
"status": "affected",
"version": "1.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.3.1",
"status": "affected",
"version": "1.3.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "1.2.0"
},
{
"lessThanOrEqual": "1.1.2",
"status": "affected",
"version": "1.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.0.3",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) [CWE-22] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.7.0, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.11, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiSwitchManager 7.2.0 through 7.2.7, FortiSwitchManager 7.0.0 through 7.0.6 may allow an authenticated attacker with admin profile and at least read-write permissions to write or delete arbitrary files via specific CLI commands."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Escalation of privilege",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T15:39:51.445Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-122",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-122"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to upcoming FortiOS version 8.0.0 or above\nUpgrade to FortiOS version 7.6.5 or above\nUpgrade to FortiOS version 7.4.10 or above\nUpgrade to FortiProxy version 7.6.5 or above\nUpgrade to FortiProxy version 7.4.12 or above\nUpgrade to FortiPAM version 1.8.0 or above\nUpgrade to FortiPAM version 1.7.1 or above\nFortinet remediated this issue in FortiSASE version 25.4.b and hence customers do not need to perform any action.\nUpgrade to upcoming FortiSwitch version 8.0.0 or above\nUpgrade to FortiSwitch version 7.6.5 or above\nUpgrade to FortiSwitch version 7.4.9 or above\nUpgrade to FortiSwitchManager version 7.2.8 or above\nUpgrade to FortiSwitchManager version 7.0.7 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-61624",
"datePublished": "2026-04-14T15:39:51.445Z",
"dateReserved": "2025-09-29T07:36:48.603Z",
"dateUpdated": "2026-04-14T16:46:14.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68649 (GCVE-0-2025-68649)
Vulnerability from cvelistv5 – Published: 2026-04-14 15:39 – Updated: 2026-04-14 16:46
VLAI?
Summary
An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.7, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4.0 through 7.4.7, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions may allow a privileged attacker to delete files from the underlying filesystem via crafted CLI requests.
Severity ?
CWE
- CWE-22 - Escalation of privilege
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Fortinet | FortiManager Cloud |
Affected:
7.6.2 , ≤ 7.6.4
(semver)
Affected: 7.4.1 , ≤ 7.4.7 (semver) Affected: 7.2.1 , ≤ 7.2.12 (semver) Affected: 7.0.1 , ≤ 7.0.16 (semver) cpe:2.3:a:fortinet:fortimanagercloud:7.6.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanagercloud:7.6.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanagercloud:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanagercloud:7.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanagercloud:7.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanagercloud:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanagercloud:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanagercloud:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanagercloud:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanagercloud:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanagercloud:7.2.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanagercloud:7.2.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanagercloud:7.2.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanagercloud:7.2.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanagercloud:7.2.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanagercloud:7.2.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanagercloud:7.2.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanagercloud:7.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanagercloud:7.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanagercloud:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanagercloud:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanagercloud:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanagercloud:7.0.16:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanagercloud:7.0.15:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanagercloud:7.0.14:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanagercloud:7.0.13:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanagercloud:7.0.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanagercloud:7.0.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanagercloud:7.0.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanagercloud:7.0.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanagercloud:7.0.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanagercloud:7.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanagercloud:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanagercloud:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanagercloud:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanagercloud:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanagercloud:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanagercloud:7.0.1:*:*:*:*:*:*:* |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68649",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T16:16:05.364770Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T16:46:14.224Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortimanagercloud:7.6.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.2.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.2.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.2.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.2.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.0.16:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.0.15:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.0.14:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.0.13:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.0.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.0.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.0.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.0.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiManager Cloud",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.4",
"status": "affected",
"version": "7.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.7",
"status": "affected",
"version": "7.4.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.12",
"status": "affected",
"version": "7.2.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.16",
"status": "affected",
"version": "7.0.1",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:fortinet:fortimanager:7.6.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.16:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.15:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.14:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiManager",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.4",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.7",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.12",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.16",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:fortinet:fortianalyzer:7.6.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.4.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.4.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.2.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.2.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.16:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.15:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.14:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiAnalyzer",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.4",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.7",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.12",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.16",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortianalyzercloud:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.2.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.2.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.2.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.2.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.0.16:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.0.15:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.0.14:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.0.13:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.0.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.0.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.0.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.0.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiAnalyzer Cloud",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.6.2"
},
{
"lessThanOrEqual": "7.4.7",
"status": "affected",
"version": "7.4.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.12",
"status": "affected",
"version": "7.2.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.16",
"status": "affected",
"version": "7.0.1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper limitation of a pathname to a restricted directory (\u0027path traversal\u0027) vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.7, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4.0 through 7.4.7, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions may allow a privileged attacker to delete files from the underlying filesystem via crafted CLI requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Escalation of privilege",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T15:39:46.446Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-120",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-120"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiManager Cloud version 7.6.5 or above\nUpgrade to FortiManager Cloud version 7.4.8 or above\nUpgrade to FortiManager version 7.6.5 or above\nUpgrade to FortiManager version 7.4.8 or above\nUpgrade to FortiAnalyzer version 7.6.5 or above\nUpgrade to FortiAnalyzer version 7.4.8 or above\nUpgrade to FortiAnalyzer Cloud version 7.6.5 or above\nUpgrade to FortiAnalyzer Cloud version 7.4.8 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-68649",
"datePublished": "2026-04-14T15:39:46.446Z",
"dateReserved": "2025-12-22T07:42:48.338Z",
"dateUpdated": "2026-04-14T16:46:14.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21741 (GCVE-0-2026-21741)
Vulnerability from cvelistv5 – Published: 2026-04-14 15:39 – Updated: 2026-04-14 16:15
VLAI?
Summary
An URL Redirection to Untrusted Site ('Open Redirect') vulnerability [CWE-601] vulnerability in Fortinet FortiNAC-F 7.6.0 through 7.6.5, FortiNAC-F 7.4 all versions, FortiNAC-F 7.2 all versions may allow a remote privileged attacker with system administrator role to redirect users to an arbitrary website via crafted CSV file.
Severity ?
CWE
- CWE-601 - Execute unauthorized code or commands
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiNAC-F |
Affected:
7.6.0 , ≤ 7.6.5
(semver)
Affected: 7.4.0 , ≤ 7.4.3 (semver) Affected: 7.2.0 , ≤ 7.2.9 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21741",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T16:15:45.406424Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T16:15:52.069Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiNAC-F",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.5",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.3",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.9",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An URL Redirection to Untrusted Site (\u0027Open Redirect\u0027) vulnerability [CWE-601] vulnerability in Fortinet FortiNAC-F 7.6.0 through 7.6.5, FortiNAC-F 7.4 all versions, FortiNAC-F 7.2 all versions may allow a remote privileged attacker with system administrator role to redirect users to an arbitrary website via crafted CSV file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T15:39:45.334Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-118",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-118"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to upcoming FortiNAC-F version 7.6.6 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2026-21741",
"datePublished": "2026-04-14T15:39:45.334Z",
"dateReserved": "2026-01-05T14:17:53.224Z",
"dateUpdated": "2026-04-14T16:15:52.069Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-39813 (GCVE-0-2026-39813)
Vulnerability from cvelistv5 – Published: 2026-04-14 15:38 – Updated: 2026-04-15 03:58
VLAI?
Summary
A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8 may allow attacker to escalation of privilege via <insert attack vector here>
Severity ?
9.1 (Critical)
CWE
- CWE-24 - Escalation of privilege
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Fortinet | FortiSandbox |
Affected:
5.0.0 , ≤ 5.0.5
(semver)
Affected: 4.4.0 , ≤ 4.4.8 (semver) cpe:2.3:a:fortinet:fortisandbox:5.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:5.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:5.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:5.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-39813",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T03:58:20.016Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortisandbox:5.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:5.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:5.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:5.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSandbox",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "5.0.5",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.4.8",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortisandboxcloud:24.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxcloud:23.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxcloud:5.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxcloud:5.0.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSandbox Cloud",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "24.1"
},
{
"status": "affected",
"version": "23.4"
},
{
"lessThanOrEqual": "5.0.5",
"status": "affected",
"version": "5.0.4",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A path traversal: \u0027../filedir\u0027 vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8 may allow attacker to escalation of privilege via \u003cinsert attack vector here\u003e"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "Escalation of privilege",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T15:38:30.311Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-112",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-112"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to upcoming FortiSandbox version 5.2.0 or above\nUpgrade to FortiSandbox version 5.0.6 or above\nUpgrade to FortiSandbox version 4.4.9 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2026-39813",
"datePublished": "2026-04-14T15:38:30.311Z",
"dateReserved": "2026-04-07T15:24:13.846Z",
"dateUpdated": "2026-04-15T03:58:20.016Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-61848 (GCVE-0-2025-61848)
Vulnerability from cvelistv5 – Published: 2026-04-14 15:38 – Updated: 2026-04-15 03:58
VLAI?
Summary
An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.8, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4.0 through 7.4.8, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions may allow a privileged authenticated attacker to execute unauthorized code or commands via JSON RPC API
Severity ?
CWE
- CWE-89 - Execute unauthorized code or commands
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Fortinet | FortiManager |
Affected:
7.6.0 , ≤ 7.6.3
(semver)
cpe:2.3:o:fortinet:fortimanager:7.6.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.6.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.6.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:* |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-61848",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T03:58:25.023Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:fortinet:fortimanager:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiManager",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.3",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:fortinet:fortianalyzer:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.6.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiAnalyzer",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.3",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortimanagercloud:7.6.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.6.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiManager Cloud",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.4",
"status": "affected",
"version": "7.6.2",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortianalyzercloud:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.6.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiAnalyzer Cloud",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.3",
"status": "affected",
"version": "7.6.2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of special elements used in an sql command (\u0027sql injection\u0027) vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.8, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4.0 through 7.4.8, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions may allow a privileged authenticated attacker to execute unauthorized code or commands via JSON RPC API"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T15:38:24.009Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-111",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-111"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to upcoming FortiManager version 8.0.0 or above\nUpgrade to FortiManager version 7.6.5 or above\nUpgrade to FortiManager version 7.4.9 or above\nUpgrade to FortiAnalyzer version 7.6.5 or above\nUpgrade to FortiAnalyzer version 7.4.9 or above\nUpgrade to FortiAnalyzer Cloud version 7.6.4 or above\nUpgrade to FortiManager Cloud version 7.6.5 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-61848",
"datePublished": "2026-04-14T15:38:24.009Z",
"dateReserved": "2025-10-01T18:21:09.224Z",
"dateUpdated": "2026-04-15T03:58:25.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22828 (GCVE-0-2026-22828)
Vulnerability from cvelistv5 – Published: 2026-04-14 15:38 – Updated: 2026-04-15 03:58
VLAI?
Summary
A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer Cloud 7.6.2 through 7.6.4, FortiManager Cloud 7.6.2 through 7.6.4 may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. Successful exploitation would require a large amount of effort in preparation because of ASLR and network segmentation
Severity ?
CWE
- CWE-122 - Escalation of privilege
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Fortinet | FortiAnalyzer Cloud |
Affected:
7.6.2 , ≤ 7.6.4
(semver)
cpe:2.3:a:fortinet:fortianalyzercloud:7.6.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortianalyzercloud:7.6.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortianalyzercloud:7.6.2:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22828",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T03:58:26.193Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortianalyzercloud:7.6.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortianalyzercloud:7.6.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiAnalyzer Cloud",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.4",
"status": "affected",
"version": "7.6.2",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortimanagercloud:7.6.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimanagercloud:7.6.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiManager Cloud",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.4",
"status": "affected",
"version": "7.6.2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer Cloud 7.6.2 through 7.6.4, FortiManager Cloud 7.6.2 through 7.6.4 may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. Successful exploitation would require a large amount of effort in preparation because of ASLR and network segmentation"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Escalation of privilege",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T15:38:22.657Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-121",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-121"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to upcoming FortiManager Cloud version 8.0.0 or above\nUpgrade to FortiManager Cloud version 7.6.5 or above\nUpgrade to upcoming FortiAnalyzer Cloud version 8.0.0 or above\nUpgrade to FortiAnalyzer Cloud version 7.6.5 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2026-22828",
"datePublished": "2026-04-14T15:38:22.657Z",
"dateReserved": "2026-01-12T08:32:04.788Z",
"dateUpdated": "2026-04-15T03:58:26.193Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-39815 (GCVE-0-2026-39815)
Vulnerability from cvelistv5 – Published: 2026-04-14 15:38 – Updated: 2026-04-14 17:35
VLAI?
Summary
A improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiDDoS-F 7.2.1 through 7.2.2 may allow attacker to execute unauthorized code or commands via sending crafted HTTP requests
Severity ?
CWE
- CWE-89 - Execute unauthorized code or commands
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiDDoS-F |
Affected:
7.2.1 , ≤ 7.2.2
(semver)
cpe:2.3:o:fortinet:fortiddos-f:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos-f:7.2.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-39815",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T16:22:55.316897Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T16:46:14.769Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:fortinet:fortiddos-f:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos-f:7.2.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiDDoS-F",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.2.2",
"status": "affected",
"version": "7.2.1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A improper neutralization of special elements used in an sql command (\u0027sql injection\u0027) vulnerability in Fortinet FortiDDoS-F 7.2.1 through 7.2.2 may allow attacker to execute unauthorized code or commands via sending crafted HTTP requests"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T17:35:54.853Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-119",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-119"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiDDoS-F version 7.2.3 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2026-39815",
"datePublished": "2026-04-14T15:38:22.588Z",
"dateReserved": "2026-04-07T15:24:20.512Z",
"dateUpdated": "2026-04-14T17:35:54.853Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22573 (GCVE-0-2026-22573)
Vulnerability from cvelistv5 – Published: 2026-04-14 15:38 – Updated: 2026-04-14 16:46
VLAI?
Summary
An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5 all versions, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5 all versions, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to perform path traversal attack via File Content Extraction actions.
Severity ?
CWE
- CWE-22 - Information disclosure
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Fortinet | FortiSOAR on-premise |
Affected:
7.6.0 , ≤ 7.6.3
(semver)
Affected: 7.5.0 , ≤ 7.5.3 (semver) Affected: 7.4.0 , ≤ 7.4.5 (semver) Affected: 7.3.0 , ≤ 7.3.3 (semver) cpe:2.3:a:fortinet:fortisoaron-premise:7.6.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22573",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T16:24:34.309578Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T16:46:14.901Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR on-premise",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.3",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.3",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR PaaS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.3",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.3",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper limitation of a pathname to a restricted directory (\u0027path traversal\u0027) vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5 all versions, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5 all versions, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to perform path traversal attack via File Content Extraction actions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T15:38:22.081Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-116",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-116"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiSOAR on-premise version 7.6.4 or above\nUpgrade to FortiSOAR PaaS version 7.6.4 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2026-22573",
"datePublished": "2026-04-14T15:38:22.081Z",
"dateReserved": "2026-01-07T18:30:44.883Z",
"dateUpdated": "2026-04-14T16:46:14.901Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-61886 (GCVE-0-2025-61886)
Vulnerability from cvelistv5 – Published: 2026-04-14 15:38 – Updated: 2026-04-14 16:46
VLAI?
Summary
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox PaaS 5.0.0 through 5.0.4 may allow an attacker to perform an XSS attack via crafted HTTP requests.
Severity ?
CWE
- CWE-79 - Execute unauthorized code or commands
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Fortinet | FortiSandbox PaaS |
Affected:
5.0.0 , ≤ 5.0.4
(semver)
cpe:2.3:a:fortinet:fortisandboxpaas:5.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandboxpaas:5.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandboxpaas:5.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandboxpaas:5.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandboxpaas:5.0.0:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-61886",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T16:24:45.323517Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T16:46:15.066Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortisandboxpaas:5.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxpaas:5.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxpaas:5.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxpaas:5.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxpaas:5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSandbox PaaS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "5.0.4",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortisandbox:5.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:5.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:5.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSandbox",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "5.0.4",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox PaaS 5.0.0 through 5.0.4 may allow an attacker to perform an XSS attack via crafted HTTP requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T15:38:21.587Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-109",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-109"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiSandbox PaaS version 5.0.5 or above\nUpgrade to FortiSandbox version 5.0.5 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-61886",
"datePublished": "2026-04-14T15:38:21.587Z",
"dateReserved": "2025-10-03T08:50:52.097Z",
"dateUpdated": "2026-04-14T16:46:15.066Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-39810 (GCVE-0-2026-39810)
Vulnerability from cvelistv5 – Published: 2026-04-14 15:38 – Updated: 2026-04-14 17:41
VLAI?
Summary
A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 may allow attacker to information disclosure via decrypting database dump.
Severity ?
CWE
- CWE-321 - Information disclosure
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiClientEMS |
Affected:
7.4.3 , ≤ 7.4.5
(semver)
Affected: 7.4.0 , ≤ 7.4.1 (semver) cpe:2.3:a:fortinet:forticlientems:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientems:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientems:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientems:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientems:7.4.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-39810",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T16:25:24.721264Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T16:46:15.215Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:forticlientems:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientems:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientems:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientems:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientems:7.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiClientEMS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.1",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 may allow attacker to information disclosure via decrypting database dump."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T17:41:54.082Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-107",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-107"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiClientEMS version 7.4.6 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2026-39810",
"datePublished": "2026-04-14T15:38:21.194Z",
"dateReserved": "2026-04-07T15:24:09.072Z",
"dateUpdated": "2026-04-14T17:41:54.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-39811 (GCVE-0-2026-39811)
Vulnerability from cvelistv5 – Published: 2026-04-14 15:38 – Updated: 2026-04-14 16:46
VLAI?
Summary
A integer overflow or wraparound vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow attacker to denial of service via <insert attack vector here>
Severity ?
CWE
- CWE-190 - Denial of service
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiWeb |
Affected:
8.0.0 , ≤ 8.0.3
(semver)
Affected: 7.6.0 , ≤ 7.6.6 (semver) Affected: 7.4.0 , ≤ 7.4.12 (semver) Affected: 7.2.0 , ≤ 7.2.12 (semver) Affected: 7.0.0 , ≤ 7.0.12 (semver) cpe:2.3:a:fortinet:fortiweb:8.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:8.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:8.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:8.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.6.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.6.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.6.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.6.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-39811",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T16:25:41.160205Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T16:46:15.353Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortiweb:8.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:8.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:8.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:8.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.6.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.6.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.6.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiWeb",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "8.0.3",
"status": "affected",
"version": "8.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.6.6",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.12",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.12",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.12",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A integer overflow or wraparound vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow attacker to denial of service via \u003cinsert attack vector here\u003e"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "Denial of service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T15:38:20.186Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-108",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-108"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiWeb version 8.0.4 or above\nUpgrade to FortiWeb version 7.6.7 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2026-39811",
"datePublished": "2026-04-14T15:38:20.186Z",
"dateReserved": "2026-04-07T15:24:09.991Z",
"dateUpdated": "2026-04-14T16:46:15.353Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-23104 (GCVE-0-2024-23104)
Vulnerability from cvelistv5 – Published: 2026-04-14 15:38 – Updated: 2026-04-14 16:46
VLAI?
Summary
An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiVoice 7.0.0 through 7.0.1 may allow a remote authenticated attacker with at least read-only permission on system maintenance to access backup information via crafted HTTP requests
Severity ?
CWE
- CWE-200 - Information disclosure
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Fortinet | FortiVoice |
Affected:
7.0.0 , ≤ 7.0.1
(semver)
cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23104",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T16:25:58.464987Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T16:46:15.501Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiVoice",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.0.1",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortindr:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiNDR",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.6.0"
},
{
"lessThanOrEqual": "7.4.8",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.5",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.1",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.7",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiVoice 7.0.0 through 7.0.1 may allow a remote authenticated attacker with at least read-only permission on system maintenance to access backup information via crafted HTTP requests"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T15:38:18.540Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-124",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-124"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiVoice version 7.0.2 or above\nUpgrade to FortiVoice version 6.4.9 or above\nUpgrade to FortiNDR version 7.6.1 or above\nUpgrade to FortiNDR version 7.4.9 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-23104",
"datePublished": "2026-04-14T15:38:18.540Z",
"dateReserved": "2024-01-11T16:29:07.978Z",
"dateUpdated": "2026-04-14T16:46:15.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-39812 (GCVE-0-2026-39812)
Vulnerability from cvelistv5 – Published: 2026-04-14 15:38 – Updated: 2026-04-14 16:46
VLAI?
Summary
A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox PaaS 5.0.0 through 5.0.5, FortiSandbox PaaS 4.4.0 through 4.4.8, FortiSandbox PaaS 4.2 all versions may allow attacker to execute unauthorized code or commands via <insert attack vector here>
Severity ?
CWE
- CWE-79 - Execute unauthorized code or commands
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Fortinet | FortiSandbox |
Affected:
5.0.0 , ≤ 5.0.4
(semver)
Affected: 4.4.0 , ≤ 4.4.8 (semver) Affected: 4.2.1 , ≤ 4.2.8 (semver) cpe:2.3:a:fortinet:fortisandbox:5.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:5.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:5.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.2.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.2.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.2.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.2.1:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-39812",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T16:26:08.654637Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T16:46:15.629Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortisandbox:5.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:5.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:5.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.2.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.2.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSandbox",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "5.0.4",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.4.8",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.2.8",
"status": "affected",
"version": "4.2.1",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortisandboxpaas:5.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxpaas:5.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxpaas:5.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxpaas:5.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxpaas:5.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxpaas:5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxpaas:4.4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxpaas:4.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxpaas:4.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxpaas:4.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxpaas:4.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxpaas:4.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxpaas:4.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxpaas:4.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxpaas:4.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxpaas:4.2.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxpaas:4.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxpaas:4.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxpaas:4.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxpaas:4.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxpaas:4.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxpaas:4.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxpaas:4.2.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSandbox PaaS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "5.0.5",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.4.8",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.2.8",
"status": "affected",
"version": "4.2.1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox PaaS 5.0.0 through 5.0.5, FortiSandbox PaaS 4.4.0 through 4.4.8, FortiSandbox PaaS 4.2 all versions may allow attacker to execute unauthorized code or commands via \u003cinsert attack vector here\u003e"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T15:38:18.366Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-110",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-110"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiSandbox version 5.0.6 or above\nUpgrade to FortiSandbox version 4.4.9 or above\nUpgrade to FortiSandbox PaaS version 5.0.6 or above\nUpgrade to FortiSandbox PaaS version 4.4.9 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2026-39812",
"datePublished": "2026-04-14T15:38:18.366Z",
"dateReserved": "2026-04-07T15:24:11.535Z",
"dateUpdated": "2026-04-14T16:46:15.629Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23708 (GCVE-0-2026-23708)
Vulnerability from cvelistv5 – Published: 2026-04-14 15:38 – Updated: 2026-04-15 03:58
VLAI?
Summary
A improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through 7.5.2 may allow an unauthenticated attacker to bypass authentication via replaying captured 2FA request. The attack requires being able to intercept and decrypt authentication traffic and precise timing to replay the request before token expiration, which raises the attack complexity.
Severity ?
CWE
- CWE-287 - Escalation of privilege
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Fortinet | FortiSOAR PaaS |
Affected:
7.6.0 , ≤ 7.6.3
(semver)
Affected: 7.5.0 , ≤ 7.5.2 (semver) cpe:2.3:a:fortinet:fortisoarpaas:7.6.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23708",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T03:58:22.574Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR PaaS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.3",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.2",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR on-premise",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.3",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.2",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through 7.5.2 may allow an unauthenticated attacker to bypass authentication via replaying captured 2FA request. The attack requires being able to intercept and decrypt authentication traffic and precise timing to replay the request before token expiration, which raises the attack complexity."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "Escalation of privilege",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T15:38:18.327Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-101",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-101"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiSOAR PaaS version 7.6.4 or above\nUpgrade to upcoming FortiSOAR PaaS version 7.5.3 or above\nUpgrade to FortiSOAR on-premise version 7.6.4 or above\nUpgrade to upcoming FortiSOAR on-premise version 7.5.3 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2026-23708",
"datePublished": "2026-04-14T15:38:18.327Z",
"dateReserved": "2026-01-15T13:00:41.463Z",
"dateUpdated": "2026-04-15T03:58:22.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-39814 (GCVE-0-2026-39814)
Vulnerability from cvelistv5 – Published: 2026-04-14 15:38 – Updated: 2026-04-15 03:58
VLAI?
Summary
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.1 through 7.4.12, FortiWeb 7.2.7 through 7.2.12, FortiWeb 7.0.10 through 7.0.12 may allow attacker to execute unauthorized code or commands via <insert attack vector here>
Severity ?
CWE
- CWE-23 - Execute unauthorized code or commands
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiWeb |
Affected:
8.0.0 , ≤ 8.0.2
(semver)
Affected: 7.6.0 , ≤ 7.6.6 (semver) Affected: 7.4.1 , ≤ 7.4.12 (semver) cpe:2.3:a:fortinet:fortiweb:8.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:8.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:8.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.6.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.6.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.6.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.6.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-39814",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T03:58:21.366Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortiweb:8.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:8.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:8.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.6.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.6.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.6.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiWeb",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "8.0.2",
"status": "affected",
"version": "8.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.6.6",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.12",
"status": "affected",
"version": "7.4.1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.1 through 7.4.12, FortiWeb 7.2.7 through 7.2.12, FortiWeb 7.0.10 through 7.0.12 may allow attacker to execute unauthorized code or commands via \u003cinsert attack vector here\u003e"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T15:38:16.660Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-114",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-114"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiWeb version 8.0.3 or above\nUpgrade to FortiWeb version 7.6.7 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2026-39814",
"datePublished": "2026-04-14T15:38:16.660Z",
"dateReserved": "2026-04-07T15:24:15.182Z",
"dateUpdated": "2026-04-15T03:58:21.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25691 (GCVE-0-2026-25691)
Vulnerability from cvelistv5 – Published: 2026-04-14 15:38 – Updated: 2026-04-14 16:46
VLAI?
Summary
A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to delete an arbitrary directory via HTTP crafted requests.
Severity ?
CWE
- CWE-22 - Execute unauthorized code or commands
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Fortinet | FortiSandbox PaaS |
Affected:
5.0.4
cpe:2.3:a:fortinet:fortisandboxpaas:5.0.4:*:*:*:*:*:*:* |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25691",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T16:34:33.306644Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T16:46:16.085Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortisandboxpaas:5.0.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSandbox PaaS",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "5.0.4"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortisandboxcloud:5.0.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSandbox Cloud",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "5.0.4"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortisandbox:5.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:5.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:5.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:5.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.2.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.2.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSandbox",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "5.0.5",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.4.8",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.2.8",
"status": "affected",
"version": "4.2.1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A improper limitation of a pathname to a restricted directory (\u0027path traversal\u0027) vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to delete an arbitrary directory via HTTP crafted requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H/E:F/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T15:38:16.406Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-115",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-115"
}
],
"solutions": [
{
"lang": "en",
"value": "Fortinet remediated this issue in FortiSandbox Cloud version 5.0.5 and hence customers do not need to perform any action.\nUpgrade to upcoming FortiSandbox version 5.2.0 or above\nUpgrade to FortiSandbox version 5.0.6 or above\nUpgrade to FortiSandbox version 4.4.9 or above\nUpgrade to FortiSandbox PaaS version 5.0.5 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2026-25691",
"datePublished": "2026-04-14T15:38:16.406Z",
"dateReserved": "2026-02-05T08:56:55.794Z",
"dateUpdated": "2026-04-14T16:46:16.085Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59809 (GCVE-0-2025-59809)
Vulnerability from cvelistv5 – Published: 2026-04-14 15:38 – Updated: 2026-04-14 16:46
VLAI?
Summary
A server-side request forgery (ssrf) vulnerability [CWE-918] vulnerability in Fortinet FortiSOAR PaaS 7.6.4, FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.4, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated attacker to discover services running on local ports via crafted requests.
Severity ?
CWE
- CWE-918 - Information disclosure
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Fortinet | FortiSOAR on-premise |
Affected:
7.6.4
Affected: 7.6.0 , ≤ 7.6.2 (semver) Affected: 7.5.0 , ≤ 7.5.2 (semver) Affected: 7.4.0 , ≤ 7.4.5 (semver) Affected: 7.3.0 , ≤ 7.3.3 (semver) cpe:2.3:a:fortinet:fortisoaron-premise:7.6.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59809",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T16:34:45.731183Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T16:46:16.247Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR on-premise",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.6.4"
},
{
"lessThanOrEqual": "7.6.2",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.2",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR PaaS",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.6.4"
},
{
"lessThanOrEqual": "7.6.2",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.2",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A server-side request forgery (ssrf) vulnerability [CWE-918] vulnerability in Fortinet FortiSOAR PaaS 7.6.4, FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.4, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated attacker to discover services running on local ports via crafted requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T15:38:15.104Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-103",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-103"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiSOAR on-premise version 7.6.5 or above\nUpgrade to FortiSOAR on-premise version 7.6.3 or above\nUpgrade to upcoming FortiSOAR on-premise version 7.5.3 or above\nUpgrade to FortiSOAR PaaS version 7.6.5 or above\nUpgrade to FortiSOAR PaaS version 7.6.3 or above\nUpgrade to upcoming FortiSOAR PaaS version 7.5.3 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-59809",
"datePublished": "2026-04-14T15:38:15.104Z",
"dateReserved": "2025-09-22T08:19:21.055Z",
"dateUpdated": "2026-04-14T16:46:16.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22155 (GCVE-0-2026-22155)
Vulnerability from cvelistv5 – Published: 2026-04-14 15:38 – Updated: 2026-04-14 16:46
VLAI?
Summary
A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow attacker to information disclosure via <insert attack vector here>
Severity ?
CWE
- CWE-319 - Information disclosure
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Fortinet | FortiSOAR on-premise |
Affected:
7.6.0 , ≤ 7.6.2
(semver)
Affected: 7.5.0 , ≤ 7.5.1 (semver) Affected: 7.4.0 , ≤ 7.4.5 (semver) Affected: 7.3.0 , ≤ 7.3.3 (semver) cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22155",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T16:34:58.769731Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T16:46:16.501Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR on-premise",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.2",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.1",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR PaaS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.3",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.2",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow attacker to information disclosure via \u003cinsert attack vector here\u003e"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T15:38:13.806Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-106",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-106"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiSOAR PaaS version 7.6.4 or above\nUpgrade to upcoming FortiSOAR PaaS version 7.5.3 or above\nUpgrade to FortiSOAR on-premise version 7.6.4 or above\nUpgrade to FortiSOAR on-premise version 7.6.3 or above\nUpgrade to upcoming FortiSOAR on-premise version 7.5.3 or above\nUpgrade to FortiSOAR on-premise version 7.5.2 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2026-22155",
"datePublished": "2026-04-14T15:38:13.806Z",
"dateReserved": "2026-01-06T15:01:17.447Z",
"dateUpdated": "2026-04-14T16:46:16.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21742 (GCVE-0-2026-21742)
Vulnerability from cvelistv5 – Published: 2026-04-14 15:38 – Updated: 2026-04-14 16:46
VLAI?
Summary
A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated attacker to view cleartext password in response for Secure Message Exchange and Radius queries, if configured
Severity ?
CWE
- CWE-319 - Information disclosure
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Fortinet | FortiSOAR PaaS |
Affected:
7.6.0 , ≤ 7.6.2
(semver)
Affected: 7.5.0 , ≤ 7.5.1 (semver) Affected: 7.4.0 , ≤ 7.4.5 (semver) Affected: 7.3.0 , ≤ 7.3.3 (semver) cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21742",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T16:35:12.570489Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T16:46:16.652Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR PaaS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.2",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.1",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR on-premise",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.2",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.1",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated attacker to view cleartext password in response for Secure Message Exchange and Radius queries, if configured"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T15:38:13.389Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-106",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-106"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiSOAR PaaS version 7.6.4 or above\nUpgrade to upcoming FortiSOAR PaaS version 7.5.3 or above\nUpgrade to FortiSOAR on-premise version 7.6.4 or above\nUpgrade to FortiSOAR on-premise version 7.6.3 or above\nUpgrade to upcoming FortiSOAR on-premise version 7.5.3 or above\nUpgrade to FortiSOAR on-premise version 7.5.2 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2026-21742",
"datePublished": "2026-04-14T15:38:13.389Z",
"dateReserved": "2026-01-05T14:17:53.224Z",
"dateUpdated": "2026-04-14T16:46:16.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22574 (GCVE-0-2026-22574)
Vulnerability from cvelistv5 – Published: 2026-04-14 15:38 – Updated: 2026-04-14 16:46
VLAI?
Summary
A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to retrieve Service account password via server address modification in LDAP configuration.
Severity ?
CWE
- CWE-257 - Information disclosure
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Fortinet | FortiSOAR PaaS |
Affected:
7.6.0 , ≤ 7.6.4
(semver)
Affected: 7.5.0 , ≤ 7.5.2 (semver) Affected: 7.4.0 , ≤ 7.4.5 (semver) Affected: 7.3.0 , ≤ 7.3.3 (semver) cpe:2.3:a:fortinet:fortisoarpaas:7.6.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22574",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T16:35:22.098427Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T16:46:16.794Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR PaaS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.4",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.2",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR on-premise",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.4",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.2",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to retrieve Service account password via server address modification in LDAP configuration."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N/E:H/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-257",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T15:38:08.130Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-105",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-105"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiSOAR on-premise version 7.6.5 or above\nUpgrade to upcoming FortiSOAR on-premise version 7.5.3 or above\nUpgrade to FortiSOAR PaaS version 7.6.5 or above\nUpgrade to upcoming FortiSOAR PaaS version 7.5.3 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2026-22574",
"datePublished": "2026-04-14T15:38:08.130Z",
"dateReserved": "2026-01-07T18:30:44.883Z",
"dateUpdated": "2026-04-14T16:46:16.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22154 (GCVE-0-2026-22154)
Vulnerability from cvelistv5 – Published: 2026-04-14 15:38 – Updated: 2026-04-14 16:46
VLAI?
Summary
An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to perform a stored cross site scripting (XSS) attack via crafted HTTP Requests.
Severity ?
CWE
- CWE-79 - Escalation of privilege
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Fortinet | FortiSOAR PaaS |
Affected:
7.6.0 , ≤ 7.6.3
(semver)
Affected: 7.5.0 , ≤ 7.5.2 (semver) Affected: 7.4.0 , ≤ 7.4.5 (semver) Affected: 7.3.0 , ≤ 7.3.3 (semver) cpe:2.3:a:fortinet:fortisoarpaas:7.6.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22154",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T16:35:48.704992Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T16:46:17.029Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR PaaS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.3",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.2",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR on-premise",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.3",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.2",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to perform a stored cross site scripting (XSS) attack via crafted HTTP Requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:H/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Escalation of privilege",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T15:38:07.043Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-117",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-117"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiSOAR on-premise version 7.6.4 or above\nUpgrade to upcoming FortiSOAR on-premise version 7.5.3 or above\nUpgrade to FortiSOAR PaaS version 7.6.4 or above\nUpgrade to upcoming FortiSOAR PaaS version 7.5.3 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2026-22154",
"datePublished": "2026-04-14T15:38:07.043Z",
"dateReserved": "2026-01-06T15:01:17.447Z",
"dateUpdated": "2026-04-14T16:46:17.029Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-53847 (GCVE-0-2025-53847)
Vulnerability from cvelistv5 – Published: 2026-04-14 15:38 – Updated: 2026-04-14 16:46
VLAI?
Summary
A missing authentication for critical function vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4 all versions, FortiOS 6.2.9 through 6.2.17 allows attacker to execute unauthorized code or commands via specially crafted packets.
Severity ?
CWE
- CWE-306 - Execute unauthorized code or commands
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiOS |
Affected:
7.6.0 , ≤ 7.6.3
(semver)
Affected: 7.4.0 , ≤ 7.4.8 (semver) Affected: 7.2.0 , ≤ 7.2.11 (semver) Affected: 7.0.0 , ≤ 7.0.17 (semver) Affected: 6.4.0 , ≤ 6.4.16 (semver) Affected: 6.2.9 , ≤ 6.2.17 (semver) cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.17:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53847",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T16:33:19.912953Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T16:46:17.175Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.2.17:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiOS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.3",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.8",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.11",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.17",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.16",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.17",
"status": "affected",
"version": "6.2.9",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A missing authentication for critical function vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4 all versions, FortiOS 6.2.9 through 6.2.17 allows attacker to execute unauthorized code or commands via specially crafted packets."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T15:38:06.336Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-125",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-125"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiOS version 7.6.4 or above\nUpgrade to FortiOS version 7.4.9 or above\nUpgrade to FortiOS version 7.2.12 or above\nUpgrade to FortiOS version 7.0.18 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-53847",
"datePublished": "2026-04-14T15:38:06.336Z",
"dateReserved": "2025-07-10T08:53:33.015Z",
"dateUpdated": "2026-04-14T16:46:17.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22576 (GCVE-0-2026-22576)
Vulnerability from cvelistv5 – Published: 2026-04-14 15:38 – Updated: 2026-04-14 16:46
VLAI?
Summary
A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to retrieve passwords for multiple installed connectors via server address modification in connector configuration.
Severity ?
CWE
- CWE-257 - Information disclosure
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Fortinet | FortiSOAR PaaS |
Affected:
7.6.0 , ≤ 7.6.4
(semver)
Affected: 7.5.0 , ≤ 7.5.2 (semver) Affected: 7.4.0 , ≤ 7.4.5 (semver) Affected: 7.3.0 , ≤ 7.3.3 (semver) cpe:2.3:a:fortinet:fortisoarpaas:7.6.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22576",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T16:29:52.411885Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T16:46:17.327Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR PaaS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.4",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.2",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR on-premise",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.4",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.2",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.3",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to retrieve passwords for multiple installed connectors via server address modification in connector configuration."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:X/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-257",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T15:38:05.576Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-104",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-104"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiSOAR on-premise version 7.6.5 or above\nUpgrade to upcoming FortiSOAR on-premise version 7.5.3 or above\nUpgrade to FortiSOAR PaaS version 7.6.5 or above\nUpgrade to upcoming FortiSOAR PaaS version 7.5.3 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2026-22576",
"datePublished": "2026-04-14T15:38:05.576Z",
"dateReserved": "2026-01-07T18:30:44.883Z",
"dateUpdated": "2026-04-14T16:46:17.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27316 (GCVE-0-2026-27316)
Vulnerability from cvelistv5 – Published: 2026-04-14 15:38 – Updated: 2026-04-14 16:46
VLAI?
Summary
A insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4 all versions, FortiSandbox PaaS 5.0.1 through 5.0.5 may allow an authenticathed administrator to read LDAP server credentials via client-side inspection.
Severity ?
CWE
- CWE-522 - Information disclosure
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Fortinet | FortiSandbox |
Affected:
5.0.0 , ≤ 5.0.5
(semver)
Affected: 4.4.0 , ≤ 4.4.9 (semver) cpe:2.3:a:fortinet:fortisandbox:5.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:5.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:5.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:5.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27316",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T16:29:34.942295Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T16:46:17.486Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortisandbox:5.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:5.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:5.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:5.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSandbox",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "5.0.5",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.4.9",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortisandboxpaas:23.4.4374:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxpaas:23.4.4350:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxpaas:23.3.4329:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxpaas:23.1.4245:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxpaas:22.2.4151:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxpaas:22.2.4134:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxpaas:22.1.4113:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxpaas:21.4.4072:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxpaas:21.3.4055:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxpaas:5.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxpaas:5.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxpaas:5.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxpaas:5.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxpaas:5.0.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSandbox PaaS",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "23.4.4374"
},
{
"status": "affected",
"version": "23.4.4350"
},
{
"status": "affected",
"version": "23.3.4329"
},
{
"status": "affected",
"version": "23.1.4245"
},
{
"status": "affected",
"version": "22.2.4151"
},
{
"status": "affected",
"version": "22.2.4134"
},
{
"status": "affected",
"version": "22.1.4113"
},
{
"status": "affected",
"version": "21.4.4072"
},
{
"status": "affected",
"version": "21.3.4055"
},
{
"lessThanOrEqual": "5.0.5",
"status": "affected",
"version": "5.0.1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4 all versions, FortiSandbox PaaS 5.0.1 through 5.0.5 may allow an authenticathed administrator to read LDAP server credentials via client-side inspection."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T15:38:02.149Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-113",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-113"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to upcoming FortiSandbox version 5.2.0 or above\nUpgrade to FortiSandbox version 5.0.6 or above\nUpgrade to FortiSandbox PaaS version 5.0.6 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2026-27316",
"datePublished": "2026-04-14T15:38:02.149Z",
"dateReserved": "2026-02-19T09:02:02.381Z",
"dateUpdated": "2026-04-14T16:46:17.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-39808 (GCVE-0-2026-39808)
Vulnerability from cvelistv5 – Published: 2026-04-14 15:38 – Updated: 2026-04-15 03:58
VLAI?
Summary
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow attacker to execute unauthorized code or commands via <insert attack vector here>
Severity ?
9.1 (Critical)
CWE
- CWE-78 - Execute unauthorized code or commands
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Fortinet | FortiSandbox |
Affected:
4.4.0 , ≤ 4.4.8
(semver)
cpe:2.3:a:fortinet:fortisandbox:4.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-39808",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T03:58:23.870Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortisandbox:4.4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSandbox",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "4.4.8",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortisandboxpaas:23.4.4374:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxpaas:23.4.4350:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxpaas:23.3.4329:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxpaas:23.1.4245:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxpaas:22.2.4151:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxpaas:22.2.4134:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxpaas:22.1.4113:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxpaas:21.4.4072:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisandboxpaas:21.3.4055:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSandbox PaaS",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "23.4.4374"
},
{
"status": "affected",
"version": "23.4.4350"
},
{
"status": "affected",
"version": "23.3.4329"
},
{
"status": "affected",
"version": "23.1.4245"
},
{
"status": "affected",
"version": "22.2.4151"
},
{
"status": "affected",
"version": "22.2.4134"
},
{
"status": "affected",
"version": "22.1.4113"
},
{
"status": "affected",
"version": "21.4.4072"
},
{
"status": "affected",
"version": "21.3.4055"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A improper neutralization of special elements used in an os command (\u0027os command injection\u0027) vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow attacker to execute unauthorized code or commands via \u003cinsert attack vector here\u003e"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T15:38:02.089Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-100",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-100"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiSandbox version 4.4.9 or above\nUpgrade to FortiSandbox PaaS version 5.0.2 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2026-39808",
"datePublished": "2026-04-14T15:38:02.089Z",
"dateReserved": "2026-04-07T15:24:03.838Z",
"dateUpdated": "2026-04-15T03:58:23.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-39809 (GCVE-0-2026-39809)
Vulnerability from cvelistv5 – Published: 2026-04-14 15:05 – Updated: 2026-04-15 03:58
VLAI?
Summary
A improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5, FortiClientEMS 7.2.0 through 7.2.12, FortiClientEMS 7.0 all versions may allow attacker to execute unauthorized code or commands via sending crafted requests
Severity ?
CWE
- CWE-89 - Execute unauthorized code or commands
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiClientEMS |
Affected:
7.4.3 , ≤ 7.4.4
(semver)
Affected: 7.4.0 , ≤ 7.4.1 (semver) cpe:2.3:a:fortinet:forticlientems:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientems:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientems:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientems:7.4.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-39809",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T03:58:18.867Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:forticlientems:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientems:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientems:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientems:7.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiClientEMS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.4",
"status": "affected",
"version": "7.4.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.1",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A improper neutralization of special elements used in an sql command (\u0027sql injection\u0027) vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5, FortiClientEMS 7.2.0 through 7.2.12, FortiClientEMS 7.0 all versions may allow attacker to execute unauthorized code or commands via sending crafted requests"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T17:38:34.503Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-102",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-102"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiClientEMS version 7.4.6 or above\nUpgrade to FortiClientEMS version 7.4.5 or above\nUpgrade to FortiClientEMS version 7.2.13 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2026-39809",
"datePublished": "2026-04-14T15:05:56.647Z",
"dateReserved": "2026-04-07T15:24:05.925Z",
"dateUpdated": "2026-04-15T03:58:18.867Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-35616 (GCVE-0-2026-35616)
Vulnerability from cvelistv5 – Published: 2026-04-04 00:38 – Updated: 2026-04-07 15:58
VLAI?
Summary
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.
Severity ?
9.1 (Critical)
CWE
- CWE-284 - Escalation of privilege
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiClientEMS |
Affected:
7.4.5 , ≤ 7.4.6
(semver)
cpe:2.3:a:fortinet:forticlientems:7.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientems:7.4.5:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-35616",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-03T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2026-04-06",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-35616"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T03:55:31.536Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-35616"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-06T00:00:00.000Z",
"value": "CVE-2026-35616 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:forticlientems:7.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientems:7.4.5:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiClientEMS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.6",
"status": "affected",
"version": "7.4.5",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Escalation of privilege",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T15:58:53.439Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-099",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-099"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to upcoming FortiClientEMS version 8.0.0 or above\nUpgrade to upcoming FortiClientEMS version 7.4.7 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2026-35616",
"datePublished": "2026-04-04T00:38:35.828Z",
"dateReserved": "2026-04-03T23:49:34.986Z",
"dateUpdated": "2026-04-07T15:58:53.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66178 (GCVE-0-2025-66178)
Vulnerability from cvelistv5 – Published: 2026-03-10 16:44 – Updated: 2026-03-11 03:56
VLAI?
Summary
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2.0 through 7.2.12, FortiWeb 7.0.0 through 7.0.12 may allow an authenticated attacked to execute arbitrary commands via a specialy crafted HTTP request.
Severity ?
CWE
- CWE-78 - Execute unauthorized code or commands
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiWeb |
Affected:
8.0.0 , ≤ 8.0.1
(semver)
Affected: 7.6.0 , ≤ 7.6.5 (semver) Affected: 7.4.0 , ≤ 7.4.11 (semver) Affected: 7.2.0 , ≤ 7.2.12 (semver) Affected: 7.0.0 , ≤ 7.0.12 (semver) cpe:2.3:a:fortinet:fortiweb:8.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:8.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.6.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.6.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.6.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66178",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-10T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T03:56:45.815Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortiweb:8.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:8.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.6.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.6.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiWeb",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "8.0.1",
"status": "affected",
"version": "8.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.6.5",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.11",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.12",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.12",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A improper neutralization of special elements used in an os command (\u0027os command injection\u0027) vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2.0 through 7.2.12, FortiWeb 7.0.0 through 7.0.12 may allow an authenticated attacked to execute arbitrary commands via a specialy crafted HTTP request."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T16:44:21.731Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-088",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-088"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiWeb version 8.0.3 or above\nUpgrade to FortiWeb version 7.6.7 or above\nUpgrade to FortiWeb version 7.4.12 or above\nUpgrade to upcoming FortiWeb version 7.2.13 or above\nUpgrade to upcoming FortiWeb version 7.0.13 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-66178",
"datePublished": "2026-03-10T16:44:21.731Z",
"dateReserved": "2025-11-24T09:07:32.659Z",
"dateUpdated": "2026-03-11T03:56:45.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24640 (GCVE-0-2026-24640)
Vulnerability from cvelistv5 – Published: 2026-03-10 16:44 – Updated: 2026-03-11 03:56
VLAI?
Summary
A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0.2 through 7.0.12 may allow a remote authenticated attacker who can bypass stack protection and ASLR to execute arbitrary code or commands via crafted HTTP requests.
Severity ?
CWE
- CWE-121 - Execute unauthorized code or commands
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiWeb |
Affected:
8.0.0 , ≤ 8.0.2
(semver)
Affected: 7.6.0 , ≤ 7.6.6 (semver) Affected: 7.4.0 , ≤ 7.4.12 (semver) Affected: 7.2.0 , ≤ 7.2.12 (semver) Affected: 7.0.2 , ≤ 7.0.12 (semver) cpe:2.3:a:fortinet:fortiweb:8.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:8.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:8.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.6.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.6.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.6.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.6.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.2:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24640",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-10T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T03:56:46.897Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortiweb:8.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:8.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:8.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.6.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.6.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.6.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiWeb",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "8.0.2",
"status": "affected",
"version": "8.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.6.6",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.12",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.12",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.12",
"status": "affected",
"version": "7.0.2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0.2 through 7.0.12 may allow a remote authenticated attacker who can bypass stack protection and ASLR to execute arbitrary code or commands via crafted HTTP requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T16:44:20.721Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-087",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-087"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiWeb version 8.0.3 or above\nUpgrade to FortiWeb version 7.6.7 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2026-24640",
"datePublished": "2026-03-10T16:44:20.721Z",
"dateReserved": "2026-01-23T15:09:07.476Z",
"dateUpdated": "2026-03-11T03:56:46.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}