Fortinet (network security vendor)

Products by Fortinet, sorted by most security vulnerabilities since 2018

FortiOS: 241 vulnerabilities
FortiProxy: 118 vulnerabilities
FortiWeb: 113 vulnerabilities
FortiManager: 109 vulnerabilities
Fortianalyzer: 90 vulnerabilities
FortiClient: 76 vulnerabilities
Fortisandbox: 51 vulnerabilities
Fortiportal: 46 vulnerabilities
Fortiadc: 44 vulnerabilities
Fortimail: 41 vulnerabilities
Fortinac: 30 vulnerabilities
Fortisiem: 27 vulnerabilities
Fortipam: 25 vulnerabilities
Fortivoice: 24 vulnerabilities
Fortisoar: 24 vulnerabilities
Fortiwlm: 23 vulnerabilities
Fortimanager Cloud: 19 vulnerabilities
Fortiswitchmanager: 18 vulnerabilities
Fortiauthenticator: 16 vulnerabilities
Fortitester: 16 vulnerabilities
Fortirecorder: 15 vulnerabilities
Forticlientems: 14 vulnerabilities
Fortiswitch: 12 vulnerabilities
Fortiwan: 11 vulnerabilities
Fortinac F: 11 vulnerabilities
Fortindr: 10 vulnerabilities
Fortisase: 10 vulnerabilities
Fortianalyzer Cloud: 10 vulnerabilities
Fortiisolator: 10 vulnerabilities
Forticlientwindows: 10 vulnerabilities
Fortiwlc: 9 vulnerabilities
Fortideceptor: 9 vulnerabilities
Fortimanagercloud: 9 vulnerabilities
Fortiddos: 7 vulnerabilities
Fortiddos F: 7 vulnerabilities
Fortianalyzercloud: 6 vulnerabilities
Fortiap W2: 6 vulnerabilities
Fortiap S: 5 vulnerabilities
Fortiap: 5 vulnerabilities
Forticlientmac: 5 vulnerabilities
Fortiwebmanager: 5 vulnerabilities
Fortisra: 4 vulnerabilities
Fortiaiops: 4 vulnerabilities
Fortisoaron Premise: 4 vulnerabilities
Fortidlp: 4 vulnerabilities
Fortisandboxcloud: 3 vulnerabilities
Fortiextender: 3 vulnerabilities
Fortios 6k7k: 3 vulnerabilities
Fortisoarpaas: 2 vulnerabilities
Fortiswitchaxfixed: 2 vulnerabilities
Forticamera: 2 vulnerabilities
Forticlientlinux: 2 vulnerabilities
Fortiadcmanager: 1 vulnerability
Forticlientios: 1 vulnerability
Fortiedrmanager: 1 vulnerability
Fortiddos Cm: 1 vulnerability

Known Exploited Fortinet Vulnerabilities

The following Fortinet vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.

Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability
CVE-2026-24858 | Added: January 27, 2026 | Exploit probability: 3.9%
Fortinet FortiAnalyzer, FortiManager, FortiOS, and FortiProxy contain an authentication bypass using an alternate path or channel that could allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.

Fortinet Multiple Products Improper Verification of Cryptographic Signature Vulnerability
CVE-2025-59718 | Added: December 16, 2025 | Exploit probability: 2.0%
Fortinet FortiOS, FortiSwitchMaster, FortiProxy, and FortiWeb contain an improper verification of cryptographic signature vulnerability that may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML message. Please be aware that CVE-2025-59719 pertains to the same problem and is mentioned in the same vendor advisory. Ensure that all patches mentioned in the advisory are applied.

Fortinet FortiWeb OS Command Injection Vulnerability
CVE-2025-58034 | Added: November 18, 2025 | Exploit probability: 47.6%
Fortinet FortiWeb contains an OS command injection vulnerability that may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands.

Fortinet FortiWeb Path Traversal Vulnerability
CVE-2025-64446 | Added: November 14, 2025 | Exploit probability: 86.1%
Fortinet FortiWeb contains a relative path traversal vulnerability that may allow an unauthenticated attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.

Fortinet FortiWeb SQL Injection Vulnerability
CVE-2025-25257 | Added: July 18, 2025 | Exploit probability: 31.0%
Fortinet FortiWeb contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPS requests.

Fortinet FortiOS Use of Hard-Coded Credentials Vulnerability
CVE-2019-6693 | Added: June 25, 2025 | Exploit probability: 72.2%
Fortinet FortiOS contains a use of hard-coded credentials vulnerability that could allow an attacker to cipher sensitive data in the FortiOS configuration backup file via knowledge of the hard-coded key.

Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability
CVE-2025-32756 | Added: May 14, 2025 | Exploit probability: 41.6%
Fortinet FortiFone, FortiVoice, FortiNDR and FortiMail contain a stack-based overflow vulnerability that may allow a remote unauthenticated attacker to execute arbitrary code or commands via crafted HTTP requests.

Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
CVE-2025-24472 | Added: March 18, 2025 | Exploit probability: 5.9%
Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that allows a remote attacker to gain super-admin privileges via crafted CSF proxy requests.

Fortinet FortiOS Authorization Bypass Vulnerability
CVE-2024-55591 | Added: January 14, 2025 | Exploit probability: 94.2%
Fortinet FortiOS contains an authorization bypass vulnerability that may allow an unauthenticated remote attacker to gain super-admin privileges via crafted requests to the Node.js websocket module.

Fortinet FortiManager Missing Authentication Vulnerability
CVE-2024-47575 | Added: October 23, 2024 | Exploit probability: 93.8%
Fortinet FortiManager contains a missing authentication vulnerability in the fgfmd daemon that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.

Fortinet Multiple Products Format String Vulnerability
CVE-2024-23113 | Added: October 9, 2024 | Exploit probability: 57.5%
Fortinet FortiOS, FortiPAM, FortiProxy, and FortiWeb contain a format string vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.

Fortinet FortiClient EMS SQL Injection Vulnerability
CVE-2023-48788 | Added: March 25, 2024 | Exploit probability: 94.1%
Fortinet FortiClient EMS contains a SQL injection vulnerability that allows an unauthenticated attacker to execute commands as SYSTEM via specifically crafted requests.

Fortinet FortiOS Out-of-Bound Write Vulnerability
CVE-2024-21762 | Added: February 9, 2024 | Exploit probability: 92.9%
Fortinet FortiOS contains an out-of-bound write vulnerability that allows a remote unauthenticated attacker to execute code or commands via specially crafted HTTP requests.

Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability
CVE-2023-27997 | Added: June 13, 2023 | Exploit probability: 90.2%
Fortinet FortiOS and FortiProxy SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute code or commands via specifically crafted requests.

Fortinet FortiOS Path Traversal Vulnerability
CVE-2022-41328 | Added: March 14, 2023 | Exploit probability: 0.2%
Fortinet FortiOS contains a path traversal vulnerability that may allow a local privileged attacker to read and write files via crafted CLI commands.

Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability
CVE-2022-42475 | Added: December 13, 2022 | Exploit probability: 94.0%
Multiple versions of Fortinet FortiOS SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute arbitrary code or commands via specifically crafted requests.

Fortinet Multiple Products Authentication Bypass Vulnerability
CVE-2022-40684 | Added: October 11, 2022 | Exploit probability: 94.4%
Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.

Fortinet FortiOS and FortiADC Improper Access Control Vulnerability
CVE-2018-13374 | Added: September 8, 2022 | Exploit probability: 3.8%
Fortinet FortiOS and FortiADC contain an improper access control vulnerability which allows attackers to obtain the LDAP server login credentials configured in FortiGate by pointing an LDAP server connectivity test request to a rogue LDAP server.

Fortinet FortiOS and FortiProxy Out-of-bounds Write
CVE-2018-13383 | Added: January 10, 2022 | Exploit probability: 1.3%
A heap buffer overflow in Fortinet FortiOS and FortiProxy may cause termination of the SSL VPN web service for logged-in users.

Fortinet FortiOS and FortiProxy Improper Authorization
CVE-2018-13382 | Added: January 10, 2022 | Exploit probability: 86.1%
An Improper Authorization vulnerability in Fortinet FortiOS and FortiProxy under the SSL VPN web portal allows an unauthenticated attacker to modify the password.

Of the known exploited vulnerabilities above, 9 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. 5 known exploited Fortinet vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.

Top 10 Riskiest Fortinet Vulnerabilities

These Fortinet vulnerabilities are on CISA's Known Exploited Vulnerabilities (KEV) list and are ranked by their current EPSS exploit probability.

Rank CVE EPSS Vulnerability
1 CVE-2018-13379 94.5% Fortinet FortiOS SSL VPN credential exposure vulnerability
2 CVE-2022-40684 94.4% Fortinet Multiple Products Authentication Bypass Vulnerability
3 CVE-2024-55591 94.2% Fortinet FortiOS Authorization Bypass Vulnerability
4 CVE-2023-48788 94.1% Fortinet FortiClient EMS SQL Injection Vulnerability
5 CVE-2022-42475 94.0% Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability
6 CVE-2024-47575 93.8% Fortinet FortiManager Missing Authentication Vulnerability
7 CVE-2024-21762 92.9% Fortinet FortiOS Out-of-Bound Write Vulnerability
8 CVE-2023-27997 90.2% Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability
9 CVE-2018-13382 86.1% Fortinet FortiOS and FortiProxy Improper Authorization
10 CVE-2025-64446 86.1% Fortinet FortiWeb Path Traversal Vulnerability

By the Year

In 2026 there have been 39 vulnerabilities in Fortinet products with an average score of 6.1 out of ten. Last year, in 2025, Fortinet had 235 security vulnerabilities published. Right now, Fortinet is on track to have fewer security vulnerabilities in 2026 than it did last year. Last year, the average CVE base score was greater by 0.18.

Year Vulnerabilities Average Score
2026 39 6.14
2025 235 6.32
2024 122 7.07
2023 197 7.03
2022 104 7.03
2021 120 6.93
2020 42 6.65
2019 37 6.78
2018 17 6.13

It may take a day or so for new Fortinet vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Fortinet Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2025-66178 Mar 10, 2026
FortiWeb OS Command Injection (CVE-2025-66178) 7.0-8.0 (pre-8.0.2) A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2.0 through 7.2.12, FortiWeb 7.0.0 through 7.0.12 may allow an authenticated attacked to execute arbitrary commands via a specialy crafted HTTP request.
FortiWeb
CVE-2026-24641 Mar 10, 2026
FortiWeb <=8.2 NULL Ptr Crash via HTTP A NULL Pointer Dereference vulnerability [CWE-476] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an authenticated attacker to crash the HTTP daemon via crafted HTTP requests.
FortiWeb
CVE-2026-24640 Mar 10, 2026
FortiWeb 78 Stack Overflows: Remote Code Execution via HTTP (Pre-8.0.3) A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0.2 through 7.0.12 may allow a remote authenticated attacker who can bypass stack protection and ASLR to execute arbitrary code or commands via crafted HTTP requests.
FortiWeb
CVE-2025-54659 Mar 10, 2026
Path Traversal CVE-2025-54659 in FortiSOAR Agent Comm Bridge <1.1.0 An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] vulnerability in Fortinet FortiSOAR Agent Communication Bridge 1.1.0, FortiSOAR Agent Communication Bridge 1.0 all versions may allow an unauthenticated attacker to read files accessible to the fortisoar user on a system where the agent is deployed, via sending a crafted request to the agent port.
Fortisoaragentcommunicationbridge
CVE-2026-24017 Mar 10, 2026
FortiWeb 7.0-8.0 Auth Rate-Limit Bypass (CWE-799) An Improper Control of Interaction Frequency vulnerability [CWE-799] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to bypass the authentication rate-limit via crafted requests. The success of the attack depends on the attacker's resources and the password target complexity.
FortiWeb
CVE-2026-25972 Mar 10, 2026
XSS in FortiSIEM 7.3-7.4 Web Page Generation An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4 may allow a remote unauthenticated attacker to provide arbitrary data enabling a social engineering attack via spoofed URL parameters.
Fortisiem
CVE-2026-22629 Mar 10, 2026
FortiAnalyzer/Manager 7.x/Cloud auth bypass via race condition (CVE-2026-22629) An improper restriction of excessive authentication attempts vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4 all versions, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4 all versions, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4 all versions, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4 all versions, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions, FortiManager Cloud 6.4 all versions may allow an attacker to bypass bruteforce protections via exploitation of race conditions. The latter raises the complexity of practical exploitation.
Fortianalyzer
Fortianalyzercloud
FortiManager
And others...
CVE-2025-68482 Mar 10, 2026
FortiAnalyzer/Manager Cert Validation Flaw 7.x & 6.x MitM A improper certificate validation vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to view confidential information via a man in the middle [MiTM] attack.
Fortianalyzer
FortiManager
Fortimanagercloud
And others...
CVE-2025-48418 Mar 10, 2026
Fortinet FortiAnalyzer/Manager 7.x6.4 Priv Esc via Hidden CLI Cmd A hidden functionality vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.0 through 7.2.10, FortiAnalyzer 7.0.0 through 7.0.14, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.2, FortiAnalyzer Cloud 7.4.1 through 7.4.7, FortiAnalyzer Cloud 7.2.1 through 7.2.10, FortiAnalyzer Cloud 7.0.1 through 7.0.14, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.6.0 through 7.6.3, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2.0 through 7.2.10, FortiManager 7.0.0 through 7.0.14, FortiManager 6.4 all versions, FortiManager Cloud 7.6.2 through 7.6.3, FortiManager Cloud 7.4.1 through 7.4.7, FortiManager Cloud 7.2.1 through 7.2.10, FortiManager Cloud 7.0.1 through 7.0.14, FortiManager Cloud 6.4 all versions may allow a remote authenticated read-only admin with CLI access to escalate their privilege via use of a hidden command.
Fortianalyzer
Fortianalyzercloud
FortiManager
And others...
CVE-2026-22572 Mar 10, 2026
FortiAnalyzer & FortiManager Auth bypass via crafted requests, v7.2-7.6 An authentication bypass using an alternate path or channel vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.2 through 7.2.11, FortiManager 7.6.0 through 7.6.3, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2.2 through 7.2.11 may allow an attacker with knowledge of the admins password to bypass multifactor authentication checks via submitting multiple crafted requests.
Fortimanagercloud
FortiManager
Fortianalyzercloud
And others...
CVE-2025-68648 Mar 10, 2026
Format String Privilege Escalation in FortiAnalyzer/Manager 7.0-7.6.4 A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.7, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4.0 through 7.4.7, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions may allow an attacker to escalate its privileges via specially crafted requests.
Fortimanagercloud
Fortianalyzer
FortiManager
And others...
CVE-2025-49784 Mar 10, 2026
FortiAnalyzer SQLi in 7.6.0-7.6.4/7.4.0-7.4.7/7.2+ (Auth Req.) An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer-BigData 7.6.0, FortiAnalyzer-BigData 7.4.0 through 7.4.4, FortiAnalyzer-BigData 7.2 all versions, FortiAnalyzer-BigData 7.0 all versions, FortiAnalyzer-BigData 6.4 all versions, FortiAnalyzer-BigData 6.2 all versions may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted requests.
Fortianalyzer Bigdata
Fortianalyzer
CVE-2026-25689 Mar 10, 2026
FortiDeceptor 6.x Arg Injection via CLI HTTP Requests Allow Delete Files (CVE-2026-25689) An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDeceptor 6.2.0, FortiDeceptor 6.0 all versions, FortiDeceptor 5.3 all versions, FortiDeceptor 5.2 all versions, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions, FortiDeceptor 4.3 all versions, FortiDeceptor 4.2 all versions, FortiDeceptor 4.1 all versions, FortiDeceptor 4.0 all versions may allow a privileged attacker with super-admin profile and CLI access to delete sensitive files via crafted HTTP requests.
Fortideceptor
CVE-2025-53608 Mar 10, 2026
XSS in FortiSandbox 5.0.0-5.0.2 (Auth) - Improper Input Neutralization An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated privileged attacker to execute code via crafted requests.
Fortisandbox
CVE-2026-24018 Mar 10, 2026
FortiClientLinux Symlink Escalation Vulnerability (7.4.0-7.4.4, 7.2.2-7.2.12) A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4, FortiClientLinux 7.2.2 through 7.2.12 may allow a local and unprivileged user to escalate their privileges to root.
Forticlientlinux
CVE-2025-48840 Mar 10, 2026
FortiWeb Auth Bypass via Hostname Spoofing CVE-2025-48840 An authentication bypass by spoofing vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.8, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote unauthenticated attacker to bypass hostname restrictions via a specially crafted request.
FortiWeb
CVE-2026-22627 Mar 10, 2026
Unprivileged Buffer Overflow via LLDP in FortiSwitch AX 1.0.x A buffer copy without checking size of input ('classic buffer overflow') vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may allow an unauthenticated attacker within the same adjacent network to execute unauthorized code or commands on the device via sending a crafted LLDP packet.
Fortiswitchaxfixed
CVE-2025-54820 Mar 10, 2026
FortiManager 7.4.07.4.2 Stack Buffer Overflow CVE202554820 A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.10, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to execute unauthorized commands via crafted requests, if the service is enabled. The success of the attack depends on the ability to bypass the stack protection mechanisms.
FortiManager
CVE-2025-55717 Mar 10, 2026
Fortinet FortiMail Cleartext Sensitive Info Leak CVE-2025-55717 A cleartext storage of sensitive information vulnerability [CWE-312] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0 all versions, FortiRecorder 6.4 all versions, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6 may allow an authenticated malicious administrator to obtain user's secrets via CLI commands. Practical exploitability is limited by conditions out of the control of the attacker: An admin must log in to the targeted device.
Fortivoice
Fortimail
Fortirecorder
And others...
CVE-2026-25836 Mar 10, 2026
FortiSandbox Cloud 5.0.4 OS Command Injection via HTTP (RTD) An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox Cloud 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to execute unauthorized code or commands via crafted HTTP requests.
Fortisandboxcloud
CVE-2026-30897 Mar 10, 2026
FortiWeb 8.0-8.0.3,7.6.0-7.6.6,7.4.0-7.4.11,7.2,7.0 buffer overflow RCE A stack-based buffer overflow vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote authenticated attacker who can bypass stack protection and ASLR to execute arbitrary code or commands via crafted HTTP requests.
FortiWeb
CVE-2026-22628 Mar 10, 2026
FortiSwitchAXFixed 1.0.0-1.0.1 SSH Config Command Injection An improper access control vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may allow an authenticated admin to execute system commands via a specifically crafted SSH config file.
Fortiswitchaxfixed
CVE-2025-68686 Feb 10, 2026
FortiOS 7.6.1-7.0 Sensitive Info Leak via HTTP Symlink Bypass An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions may allow a remote unauthenticated attacker to bypass the patch developed for the symbolic link persistency mechanism observed in some post-exploit cases, via crafted HTTP requests. An attacker would need first to have compromised the product via another vulnerability, at filesystem level.
FortiOS
CVE-2025-62439 Feb 10, 2026
FortiOS 7.0-7.6.4: Improper Source Verification in FSSO Channel An Improper Verification of Source of a Communication Channel vulnerability [CWE-940] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions may allow an authenticated user with knowledge of FSSO policy configurations to gain unauthorized access to protected network resources via crafted requests.
FortiOS
CVE-2025-62676 Feb 10, 2026
FortiClient Windows 7.x Improper Link Resolution CVE-2025-62676 An Improper Link Resolution Before File Access ('Link Following') vulnerability [CWE-59] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.4, FortiClientWindows 7.2.0 through 7.2.12, FortiClientWindows 7.0 all versions may allow a local low-privilege attacker to perform an arbitrary file write with elevated permissions via crafted named pipe messages.
Forticlientwindows
FortiClient
CVE-2025-64157 Feb 10, 2026
FortiOS 7.0-7.6.4 formatstring flaw enables admin code exec A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0 all versions allows an authenticated admin to execute unauthorized code or commands via specifically crafted configuration.
FortiOS
CVE-2026-21743 Feb 10, 2026
FortiAuthenticator 6.3-6.6.x: Auth Bypass via Unprotected File Upload A missing authorization vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow a read-only user to make modification to local users via a file upload to an unprotected endpoint.
Fortiauthenticator
CVE-2026-22153 Feb 10, 2026
FortiOS 7.6.0-7.6.4 LDAP Auth Bypass via Agentless VPN/FSSO An Authentication Bypass by Primary Weakness vulnerability [CWE-305] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4 may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, when the remote LDAP server is configured in a specific way.
FortiOS
CVE-2025-55018 Feb 10, 2026
FortiOS 6.4.3-7.6.0 HTTP Request Smuggling (Unauthenticated) An inconsistent interpretation of http requests ('http request smuggling') vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4.3 through 6.4.16 may allow an unauthenticated attacker to smuggle an unlogged http request through the firewall policies via a specially crafted header
FortiOS
CVE-2025-52436 Feb 10, 2026
XSS in FortiSandbox 4.x/5.x before 5.0.2 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an unauthenticated attacker to execute commands via crafted requests.
Fortisandbox
CVE-2026-21643 Feb 06, 2026
FortiClientEMS 7.4.x SQLIl via HTTP enables unauthenticated RCE An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
Forticlientems
CVE-2026-25815 Feb 05, 2026
Fortinet FortiOS LDAP Credential Decryption (<=7.6.6) Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026 (by default, the encryption key is the same across all customers' installations). NOTE: the Supplier's position is that the instance of CWE-1394 is not a vulnerability because customers "are supposed to enable" a non-default option that eliminates the weakness. However, that non-default option can disrupt functionality as shown in the "Managing FortiGates with private data encryption" document, and is therefore intentionally not a default option.
FortiOS
CVE-2026-24858 Jan 27, 2026
Fortinet FortiOS Auth Bypass 7.07.6 via Alt Channel An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.12, FortiProxy 7.2.0 through 7.2.15, FortiProxy 7.0.0 through 7.0.22, FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.
Fortianalyzer
FortiOS
FortiManager
And others...
CVE-2025-25249 Jan 13, 2026
FortiOS/FortiSwitchManager 6.4.0-7.6.3 Heap Overflow Exec via Packets A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4 all versions, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows attacker to execute unauthorized code or commands via specially crafted packets
Fortiswitchmanager
Fortisase
FortiOS
And others...
CVE-2025-47855 Jan 13, 2026
Fortinet FortiFone V7.0/V3.0: Config Leak via HTTP(S) (CWE-200) An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in Fortinet FortiFone 7.0.0 through 7.0.1, FortiFone 3.0.13 through 3.0.23 allows an unauthenticated attacker to obtain the device configuration via crafted HTTP or HTTPS requests.
CVE-2025-59922 Jan 13, 2026
FortiClientEMS 7.0-7.4.4 SQLi (CWE-89) Auth. Adminread only can inject via HTTP An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiClientEMS 7.4.3 through 7.4.4, FortiClientEMS 7.4.0 through 7.4.1, FortiClientEMS 7.2.0 through 7.2.10, FortiClientEMS 7.0 all versions may allow an authenticated attacker with at least read-only admin permission to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests.
Forticlientems
CVE-2025-58693 Jan 13, 2026
Path Traversal File Deletion in FortiVoice 7.2.0-7.2.2 An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 allows a privileged attacker to delete files from the underlying filesystem via crafted HTTP or HTTPs requests.
Fortivoice
CVE-2025-64155 Jan 13, 2026
FortiSIEM 6.7.0-7.4.0 OS Command Injection (CVE-2025-64155) An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6.7.10 may allow an attacker to execute unauthorized code or commands via crafted TCP requests.
Fortisiem
CVE-2025-67685 Jan 13, 2026
FortiSandbox SSRF (CWE-918) in 4.0-5.0.4 (authenticated) A Server-Side Request Forgery (SSRF) vulnerability [CWE-918] in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox 4.4 all versions, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated attacker to proxy internal requests, limited to plaintext endpoints only, via crafted HTTP requests.
Fortisandbox
CVE-2024-40593 Dec 11, 2025
Fortinet FortiAnalyzer PKI Leak (CVE-2024-40593) Fixed 7.4.3 A key management error vulnerability in Fortinet FortiAnalyzer 7.4.0 through 7.4.2, FortiAnalyzer 7.2.0 through 7.2.5, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.5, FortiManager 7.0 all versions, FortiManager 6.4 all versions, FortiOS 7.6.0, FortiOS 7.4.4, FortiOS 7.2.7, FortiOS 7.0.14, FortiPortal 6.0 all versions may allow an authenticated admin to retrieve a certificate's private key via the device's admin shell.
Fortiportal
Fortianalyzer
FortiOS
And others...
CVE-2024-47570 Dec 09, 2025
FortiOS 7.0-7.4.3: REST-API Tokens Logged (CWE-532) An insertion of sensitive information into log file vulnerability [CWE-532] in FortiOS 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0 all versions; FortiProxy 7.4.0 through 7.4.3, 7.2.0 through 7.2.11; FortiPAM 1.4 all versions, 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions and FortiSRA 1.4 all versions may allow a read-only administrator to retrieve API tokens of other administrators by observing REST API logs, if REST API logging is enabled (non-default configuration).
FortiProxy
Fortisra
Fortipam
And others...
CVE-2025-59719 Dec 09, 2025
Improper SAML Signature Verification in FortiWeb 8.0/7.6.x/7.4.x (SSO Bypass) An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9 may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.
FortiWeb
CVE-2025-59718 Dec 09, 2025
Fortinet FortiOS 7.0-7.6 SAML Auth Bypass via Signature Verify Flaw An improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0.0 through 7.0.21, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.
Fortiswitchmanager
FortiProxy
FortiOS
And others...
CVE-2025-53679 Dec 09, 2025
FortiSandbox 5.0.0-5.0.2 / 4.0-4.4.7 GUI OS Command Injection via HTTP(S) An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions, FortiSandbox Cloud 24.1, FortiSandbox Cloud 23 all versions allows a remote privileged attacker to execute unauthorized code or commands via crafted HTTP or HTTPS requests.
Fortisandboxcloud
Fortisandbox
CVE-2025-54353 Dec 09, 2025
FortiSandbox XSS vuln v5.0.0-5.0.2 & v4.x (CWE-79) An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an attacker to perform an XSS attack via crafted HTTP requests.
Fortisandbox
CVE-2025-53949 Dec 09, 2025
OS Command Injection in FortiSandbox (4.0-5.0.2) An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests.
Fortisandbox
CVE-2025-59808 Dec 09, 2025
FortiSOAR PaaS 7.3-7.6.2 Password Reset without Auth An unverified password change vulnerability [CWE-620] in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an attacker who has already gained access to a victim's user account to reset the account credentials without being prompted for the account's password.
Fortisoaron Premise
Fortisoarpaas
Fortisoar
And others...
CVE-2025-59810 Dec 09, 2025
FortiSOAR PaaS/On-Prem Improper Access Control (Info Disclosure) 7.3-7.6 An improper access control vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow information disclosure to an authenticated attacker via crafted requests.
Fortisoaron Premise
Fortisoarpaas
Fortisoar
And others...
CVE-2025-54838 Dec 09, 2025
Incorrect Authorization in FortiPortal 7.4.0-7.4.5: Authenticated Reboot Attack An Incorrect Authorization vulnerability [CWE-863] in FortiPortal 7.4.0 through 7.4.5 may allow an authenticated attacker to reboot a shared FortiGate device via crafted HTTP requests.
Fortiportal
CVE-2025-62631 Dec 09, 2025
FortiOS SSLVPN Session Expiration Flaw (6.4 through 7.4.0) An insufficient session expiration vulnerability [CWE-613] in Fortinet FortiOS 7.4.0, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions allows an attacker to maintain access to network resources via an active SSLVPN session that is not terminated after a user's password change, under particular conditions outside of the attacker's control.
FortiOS
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).