Fortinet Fortinet Network security vendor

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Fortinet product.

RSS Feeds for Fortinet security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Fortinet products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Fortinet Sorted by Most Security Vulnerabilities since 2018

Fortinet FortiOS252 vulnerabilities

Fortinet FortiProxy126 vulnerabilities

Fortinet FortiWeb116 vulnerabilities

Fortinet FortiManager112 vulnerabilities

Fortinet Fortianalyzer93 vulnerabilities

Fortinet FortiClient76 vulnerabilities

Fortinet Fortisandbox60 vulnerabilities

Fortinet Fortiportal47 vulnerabilities

Fortinet Fortiadc44 vulnerabilities

Fortinet Fortimail42 vulnerabilities

Fortinet Fortipam35 vulnerabilities

Fortinet Fortinac30 vulnerabilities

Fortinet Fortisiem28 vulnerabilities

Fortinet Fortivoice25 vulnerabilities

Fortinet Fortisoar24 vulnerabilities

Fortinet Fortiwlm23 vulnerabilities

Fortinet Fortiswitchmanager21 vulnerabilities

Fortinet Fortimanager Cloud19 vulnerabilities

Fortinet Fortiauthenticator18 vulnerabilities

Fortinet Forticlientems18 vulnerabilities

Fortinet Fortitester16 vulnerabilities

Fortinet Fortirecorder15 vulnerabilities

Fortinet Fortimanagercloud14 vulnerabilities

Fortinet Fortisase13 vulnerabilities

Fortinet Fortisoaron Premise12 vulnerabilities

Fortinet Fortiswitch12 vulnerabilities

Fortinet Fortindr12 vulnerabilities

Fortinet Fortinac F12 vulnerabilities

Fortinet Forticlientwindows11 vulnerabilities

Fortinet Fortianalyzercloud11 vulnerabilities

Fortinet Fortiwan11 vulnerabilities

Fortinet Fortideceptor10 vulnerabilities

Fortinet Fortianalyzer Cloud10 vulnerabilities

Fortinet Fortiisolator10 vulnerabilities

Fortinet Fortisoarpaas10 vulnerabilities

Fortinet Fortiwlc9 vulnerabilities

Fortinet Fortiddos F8 vulnerabilities

Fortinet Fortisandboxpaas8 vulnerabilities

Fortinet Fortiap W28 vulnerabilities

Fortinet Fortiddos7 vulnerabilities

Fortinet Fortiap7 vulnerabilities

Fortinet Fortisandboxcloud7 vulnerabilities

Fortinet Fortiap U6 vulnerabilities

Fortinet Fortiap S5 vulnerabilities

Fortinet Fortiwebmanager5 vulnerabilities

Fortinet Forticlientmac5 vulnerabilities

Fortinet Fortisra4 vulnerabilities

Fortinet Fortiweb Manager4 vulnerabilities

Fortinet Fortiaiops4 vulnerabilities

Fortinet Fortidlp4 vulnerabilities

Fortinet Fortios 6k7k3 vulnerabilities

Fortinet Fortiextender3 vulnerabilities

Fortinet Forticlientlinux2 vulnerabilities

Fortinet Fortiswitchaxfixed2 vulnerabilities

Fortinet Forticamera2 vulnerabilities

Fortinet Fortiedrmanager1 vulnerability

Fortinet Fortiddos Cm1 vulnerability

Fortinet Forticlientios1 vulnerability

Fortinet Fortiadcmanager1 vulnerability

Known Exploited Fortinet Vulnerabilities

The following Fortinet vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Fortinet SQL Injection Vulnerability Fortinet FortiClient EMS contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
CVE-2026-21643 Exploit Probability: 94.1%
April 13, 2026
Fortinet FortiClient EMS Improper Access Control Vulnerability Fortinet FortiClient EMS contains an improper access control vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.
CVE-2026-35616 Exploit Probability: 88.5%
April 6, 2026
Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability Fortinet FortiAnalyzer, FortiManager, FortiOS, and FortiProxy contain an authentication bypass using an alternate path or channel that could allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.
CVE-2026-24858 Exploit Probability: 55.1%
January 27, 2026
Fortinet Multiple Products Improper Verification of Cryptographic Signature Vulnerability Fortinet FortiOS, FortiSwitchMaster, FortiProxy, and FortiWeb contain an improper verification of cryptographic signature vulnerability that may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML message. Please be aware that CVE-2025-59719 pertains to the same problem and is mentioned in the same vendor advisory. Ensure to apply all patches mentioned in the advisory.
CVE-2025-59718 Exploit Probability: 65.8%
December 16, 2025
Fortinet FortiWeb OS Command Injection Vulnerability Fortinet FortiWeb contains an OS command Injection vulnerability that may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands.
CVE-2025-58034 Exploit Probability: 54.4%
November 18, 2025
Fortinet FortiWeb Path Traversal Vulnerability Fortinet FortiWeb contains a relative path traversal vulnerability that may allow an unauthenticated attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.
CVE-2025-64446 Exploit Probability: 89.2%
November 14, 2025
Fortinet FortiWeb SQL Injection Vulnerability Fortinet FortiWeb contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests.
CVE-2025-25257 Exploit Probability: 96.7%
July 18, 2025
Fortinet FortiOS Use of Hard-Coded Credentials Vulnerability Fortinet FortiOS contains a use of hard-coded credentials vulnerability that could allow an attacker to cipher sensitive data in FortiOS configuration backup file via knowledge of the hard-coded key.
CVE-2019-6693 Exploit Probability: 5.7%
June 25, 2025
Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability Fortinet FortiFone, FortiVoice, FortiNDR and FortiMail contain a stack-based overflow vulnerability that may allow a remote unauthenticated attacker to execute arbitrary code or commands via crafted HTTP requests.
CVE-2025-32756 Exploit Probability: 32.0%
May 14, 2025
Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that allows a remote attacker to gain super-admin privileges via crafted CSF proxy requests.
CVE-2025-24472 Exploit Probability: 3.1%
March 18, 2025
Fortinet FortiOS Authorization Bypass Vulnerability Fortinet FortiOS contains an authorization bypass vulnerability that may allow an unauthenticated remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.
CVE-2024-55591 Exploit Probability: 98.3%
January 14, 2025
Fortinet FortiManager Missing Authentication Vulnerability Fortinet FortiManager contains a missing authentication vulnerability in the fgfmd daemon that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.
CVE-2024-47575 Exploit Probability: 94.8%
October 23, 2024
Fortinet Multiple Products Format String Vulnerability Fortinet FortiOS, FortiPAM, FortiProxy, and FortiWeb contain a format string vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.
CVE-2024-23113 Exploit Probability: 61.7%
October 9, 2024
Fortinet FortiClient EMS SQL Injection Vulnerability Fortinet FortiClient EMS contains a SQL injection vulnerability that allows an unauthenticated attacker to execute commands as SYSTEM via specifically crafted requests.
CVE-2023-48788 Exploit Probability: 97.6%
March 25, 2024
Fortinet FortiOS Out-of-Bound Write Vulnerability Fortinet FortiOS contains an out-of-bound write vulnerability that allows a remote unauthenticated attacker to execute code or commands via specially crafted HTTP requests.
CVE-2024-21762 Exploit Probability: 83.4%
February 9, 2024
Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability Fortinet FortiOS and FortiProxy SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute code or commands via specifically crafted requests.
CVE-2023-27997 Exploit Probability: 85.7%
June 13, 2023
Fortinet FortiOS Path Traversal Vulnerability Fortinet FortiOS contains a path traversal vulnerability that may allow a local privileged attacker to read and write files via crafted CLI commands.
CVE-2022-41328 Exploit Probability: 12.3%
March 14, 2023
Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability Multiple versions of Fortinet FortiOS SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute arbitrary code or commands via specifically crafted requests.
CVE-2022-42475 Exploit Probability: 99.5%
December 13, 2022
Fortinet Multiple Products Authentication Bypass Vulnerability Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
CVE-2022-40684 Exploit Probability: 100.0%
October 11, 2022
Fortinet FortiOS and FortiADC Improper Access Control Vulnerability Fortinet FortiOS and FortiADC contain an improper access control vulnerability which allows attackers to obtain the LDAP server login credentials configured in FortiGate by pointing a LDAP server connectivity test request to a rogue LDAP server.
CVE-2018-13374 Exploit Probability: 38.1%
September 8, 2022

Of the known exploited vulnerabilities above, 13 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. 5 known exploited Fortinet vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.

Top 10 Riskiest Fortinet Vulnerabilities

Based on the current exploit probability, these Fortinet vulnerabilities are on CISA's Known Exploited vulnerabilities list (KEV) and are ranked by the current EPSS exploit probability.

Rank CVE EPSS Vulnerability
1 CVE-2018-13379 100.0% Fortinet FortiOS SSL VPN credential exposure vulnerability
2 CVE-2022-40684 100.0% Fortinet Multiple Products Authentication Bypass Vulnerability
3 CVE-2022-42475 99.5% Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability
4 CVE-2024-55591 98.3% Fortinet FortiOS Authorization Bypass Vulnerability
5 CVE-2023-48788 97.6% Fortinet FortiClient EMS SQL Injection Vulnerability
6 CVE-2025-25257 96.7% Fortinet FortiWeb SQL Injection Vulnerability
7 CVE-2024-47575 94.8% Fortinet FortiManager Missing Authentication Vulnerability
8 CVE-2026-21643 94.1% Fortinet SQL Injection Vulnerability
9 CVE-2025-64446 89.2% Fortinet FortiWeb Path Traversal Vulnerability
10 CVE-2026-35616 88.5% Fortinet FortiClient EMS Improper Access Control Vulnerability

By the Year

In 2026 there have been 93 vulnerabilities in Fortinet with an average score of 6.0 out of ten. Last year, in 2025 Fortinet had 235 security vulnerabilities published. Right now, Fortinet is on track to have less security vulnerabilities in 2026 than it did last year. Last year, the average CVE base score was greater by 0.28




Year Vulnerabilities Average Score
2026 93 5.96
2025 235 6.24
2024 122 7.01
2023 197 7.03
2022 104 7.03
2021 120 6.93
2020 42 6.65
2019 37 6.78
2018 17 6.13

It may take a day or so for new Fortinet vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Fortinet Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-59838 Jul 15, 2026
FortiSIEM 7.4.0+ XSS via unescaped HTML tags A improper neutralization of script-related html tags in a web page (basic xss) vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.2.0 through 7.2.6, FortiSIEM 7.1 all versions, FortiSIEM 7.0 all versions, FortiSIEM 6.7 all versions, FortiSIEM 6.6 all versions, FortiSIEM 6.5 all versions, FortiSIEM 6.4 all versions may allow attacker to execute unauthorized code or commands via <insert attack vector here>
Fortisiem
CVE-2026-59840 Jul 14, 2026
Fortinet FortiOS/Proxy Buffer Over-Read CVE-2026-59840 (v7.6.0-7.6.5) A buffer over-read vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.5, FortiProxy 7.4.0 through 7.4.13, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions may allow attacker to information disclosure via <insert attack vector here>
FortiOS
Fortipam
Fortiswitchmanager
And others...
CVE-2025-43892 Jul 14, 2026
FortiOS 7.6.07.6.2 Buffer Over-Read via Redirect Response A buffer over-read vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions may allow an authenticated remote attacker to return a portion of device memory in the redirect response via submitting a specially crafted request.
FortiOS
CVE-2026-59839 Jul 14, 2026
Fortinet FortiOS <=7.6.6 Path Traversal (#CVE-2026-59839) A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiOS 7.6.0 through 7.6.6, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.8.0, FortiPAM 1.7.0 through 1.7.2, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.6.0 through 7.6.5, FortiProxy 7.4 through 7.4.13, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions may allow attacker to execute unauthorized code or commands via <insert attack vector here>
FortiProxy
FortiOS
Fortipam
And others...
CVE-2026-23573 Jul 14, 2026
Fortinet FortiOS 7.6.07.6.6, 7.4, 7.2; FortiPAM 1.01.8; FortiProxy 7.27.4.3 XSS An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.6, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiPAM 1.8.0, FortiPAM 1.7 all versions, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 through 7.4.3, FortiProxy 7.2.0 through 7.2.9 may allow an authenticated remote user to execute code or commands via crafted requests.
FortiOS
FortiProxy
Fortipam
And others...
CVE-2025-62826 Jul 14, 2026
Fortinet FortiOS/Proxy: HTTP Splitting via CRLF (CVE-2025-62826) 7.6-4 An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability [CWE-113] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions may allow an attacker able to intercept and modify a user's captive portal authentication request to inject arbitrary headers via crafted HTTP requests.
Fortipam
FortiProxy
FortiOS
And others...
CVE-2025-62675 Jul 14, 2026
FortiOS/FortiProxy CRLF Header Injection before 7.6.5 An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability [CWE-113] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions may allow an attacker in possession of a valid web filter override token to inject arbitrary headers via tricking a user into clicking on a crafted link.
FortiOS
Fortipam
FortiProxy
And others...
CVE-2026-59841 Jul 14, 2026
FortiSIEM Windows Agent 7.4.0-7.4.1 Improper Channel Restriction Escalation A improper restriction of communication channel to intended endpoints vulnerability in Fortinet FortiSIEMWindowsAgent 7.4.0 through 7.4.1 may allow attacker to escalation of privilege via <insert attack vector here>
Fortisiemwindowsagent
CVE-2026-59836 Jul 14, 2026
FortiClientEMS CVE-2026-59836 Improper Cert Validation (v7.2-7.4.5) A improper certificate validation vulnerability in Fortinet FortiClientEMS 7.4.3 through 7.4.5, FortiClientEMS 7.4.0 through 7.4.1, FortiClientEMS 7.2 all versions may allow attacker to information disclosure via <insert attack vector here>
Forticlientems
CVE-2025-53379 Jul 14, 2026
FortiAuthenticator OOB Read 6.5-6.6.2 Remote Unauth Leak A out-of-bounds read vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.2, FortiAuthenticator 6.5 all versions may allow a remote unauthenticated attacker to retrieve sensitive information via a specially crafted request.
Fortiauthenticator
CVE-2026-59835 Jul 14, 2026
FortiSandbox 5.0.x & 4.4.x: Unauth VNC Server Exposure via Network A exposure of resource to wrong sphere vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.3 through 4.4.8 may allow an unauthenticated attacker to access the VNC server of VMs performing scanning via network requests.
Fortisandbox
CVE-2026-59837 Jul 14, 2026
Stack FO in FortiOS 7.4.07.4.1 / 7.2, FortiPAM <1.8.3 Exec Code A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2 all versions, FortiPAM 1.8.0 through 1.8.2, FortiPAM 1.7 all versions, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 through 7.4.13, FortiProxy 7.2 all versions may allow a privileged authenticated attacker who can bypass stack protection and ASLR to execute arbitrary code or commands via crafted HTTP requests.
Fortipam
Fortisase
FortiProxy
And others...
CVE-2025-67862 Jun 09, 2026
FortiOS 7.6.3: Unsafe Debug CLI allows admin to exec Lua scripts An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability [CWE-1244] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0 all versions may allow an authenticated admin to execute lua scripts via crafted CLI commands.
FortiOS
FortiProxy
CVE-2026-25089 Jun 09, 2026
OS CMD Injection in FortiSandbox <5.0.6 via HTTP A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may allow an unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP requests
Fortisandbox
Fortisandboxcloud
Fortisandboxpaas
And others...
CVE-2026-49938 Jun 09, 2026
FortiPortal 7.x Improper Auth via /admin A improper access control vulnerability in Fortinet FortiPortal 7.4.0 through 7.4.7, FortiPortal 7.2.0 through 7.2.8, FortiPortal 7.0 all versions may allow attacker to improper access control via <insert attack vector here>
Fortiportal
CVE-2025-53870 May 12, 2026
FortiAP OS Command Injection 7.0-7.6.2, W2 7.0-7.4.4 via cli Cmd inj An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versions, FortiAP 7.0 all versions, FortiAP 6.4 all versions, FortiAP-W2 7.4.0 through 7.4.4, FortiAP-W2 7.2 all versions, FortiAP-W2 7.0 all versions may allow an authenticated attacker to execute unauthorized code or commands via a specifically crafted cli command.
Fortiap
Fortiap W2
CVE-2025-53680 May 12, 2026
FortiAP CLI OS Command Injection in 7.6.0-7.6.2 (and earlier) An improper neutralization of special elements used in an OS command ("OS Command Injection") vulnerability [CWE-78] vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versions, FortiAP 7.0 all versions, FortiAP 6.4 all versions, FortiAP-U 7.0.0 through 7.0.5, FortiAP-U 6.2 all versions, FortiAP-W2 7.4.0 through 7.4.4, FortiAP-W2 7.2 all versions, FortiAP-W2 7.0 all versions allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests.
Fortiap
Fortiap W2
Fortiap U
And others...
CVE-2025-67604 May 12, 2026
FortiAnalyzer 7.0-7.6.x Authenticated HTTP Crash via Dangerous Function A use of potentially dangerous function vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions may allow an authenticated attacker to cause a system hang via multiple specially crafted HTTP requests causing crashes. This happens if internal locks are aligned, which is out of control of the attacker.
Fortianalyzer
FortiManager
CVE-2026-25690 May 12, 2026
Fortinet FortiDeceptor 6.0.2 Argument Injection Enables Log Read An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDeceptor 6.0.0 through 6.0.2, FortiDeceptor 5.3.0 through 5.3.3, FortiDeceptor 5.2.0 through 5.2.1, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions may allow an authenticated attacker with at least read-only admin permission to read log files via HTTP crafted requests.
Fortideceptor
CVE-2025-53681 May 12, 2026
SQLi in FortiMail 7.6.x, 7.4.x & 7.2.x An improper neutralization of special elements used in an SQL Command ("SQL Injection&") vulnerability [CWE-89] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through 7.4.5, FortiMail 7.2.0 through 7.2.8 allows an authenticated privileged attacker to execute unauthorized code or commands via specifically crafted HTTP or HTTPS requests.
Fortimail
CVE-2026-44279 May 12, 2026
FortiTokenAndroid 5.26.2 Improper export of app components (Android) An improper export of android application components vulnerability in Fortinet FortiTokenAndroid 6.2 all versions, FortiTokenAndroid 6.1 all versions, FortiTokenAndroid 5.2 all versions may allow attacker to disclose information via an exported Content Provider URI.
Fortitokenandroid
CVE-2025-53844 May 12, 2026
FortiOS <=7.6.3 OOB Write Vulnerability (exec via crafted packets) A out-of-bounds write vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11 allows attacker to execute unauthorized code or commands via specially crafted packets.
FortiOS
CVE-2026-44278 May 12, 2026
FortiClient Hard-coded Crypto Key (7.4.0-7.4.2, 7.2) Info Disclosure A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.2, FortiClientWindows 7.2 all versions may allow attacker to information disclosure via <insert attack vector here>
Forticlientwindows
CVE-2026-25088 May 12, 2026
SQL Injection in FortiNDR 7.07.6.2 via crafted HTTP requests An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiNDR 7.6.0 through 7.6.2, FortiNDR 7.4.0 through 7.4.9, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
Fortindr
CVE-2026-44277 May 12, 2026
FortiAuthenticator 8.0.2 RCE via Improper Access Control A improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow attacker to execute unauthorized code or commands via crafted requests.
Fortiauthenticator
CVE-2026-26083 May 12, 2026
FortiSandbox auth bypass in 4.45.0.x series A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud 5.0.2 through 5.0.5, FortiSandbox PaaS 23.4 all versions, FortiSandbox PaaS 23.3 all versions, FortiSandbox PaaS 23.1 all versions, FortiSandbox PaaS 22.2 all versions, FortiSandbox PaaS 22.1 all versions, FortiSandbox PaaS 21.4 all versions, FortiSandbox PaaS 21.3 all versions, FortiSandbox PaaS 5.0.0 through 5.0.1, FortiSandbox PaaS 4.4.5 through 4.4.8 may allow an unauthenticated attacker to execute unauthorized code or commands via HTTP requests.
Fortisandboxcloud
Fortisandbox
Fortisandboxpaas
And others...
CVE-2026-40688 Apr 14, 2026
FortiWeb <=8.0.3 OOB Write Unauthorized Code Execution An out-of-bounds write vulnerability [CWE-787] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow a remote privileged attacker to execute arbitrary code or command via crafted HTTP requests.
FortiWeb
CVE-2025-61624 Apr 14, 2026
Fortinet FortiOS/Proxy Path Traversal CVE202561624 (7.6.4) An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [CWE-22] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.7.0, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.11, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiSwitchManager 7.2.0 through 7.2.7, FortiSwitchManager 7.0.0 through 7.0.6 may allow an authenticated attacker with admin profile and at least read-write permissions to write or delete arbitrary files via specific CLI commands.
FortiOS
FortiProxy
Fortiswitchmanager
And others...
CVE-2025-68649 Apr 14, 2026
FortiAnalyzer/Manager path traversal allows privileged file delete via CLI An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.7, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4.0 through 7.4.7, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions may allow a privileged attacker to delete files from the underlying filesystem via crafted CLI requests.
Fortimanagercloud
FortiManager
Fortianalyzer
And others...
CVE-2026-21741 Apr 14, 2026
FortiNAC-F 7.6.0-7.6.5, 7.4, 7.2: Open Redirect via CSV (CWE-601) An URL Redirection to Untrusted Site ('Open Redirect') vulnerability [CWE-601] vulnerability in Fortinet FortiNAC-F 7.6.0 through 7.6.5, FortiNAC-F 7.4 all versions, FortiNAC-F 7.2 all versions may allow a remote privileged attacker with system administrator role to redirect users to an arbitrary website via crafted CSV file.
Fortinac F
CVE-2026-39813 Apr 14, 2026
FortiSandbox 4.4.x-5.0.x Path Traversal (../filedir) Privilege Escalation A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8 may allow attacker to escalation of privilege via specially crafted HTTP requests.
Fortisandbox
Fortisandboxcloud
CVE-2025-61848 Apr 14, 2026
FortiAnalyzer/FortiManager SQLi via JSON RPC API (7.0-7.6.4) An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.8, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4.0 through 7.4.8, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions may allow a privileged authenticated attacker to execute unauthorized code or commands via JSON RPC API
FortiManager
Fortianalyzer
Fortimanagercloud
And others...
CVE-2026-39815 Apr 14, 2026
SQLi in FortiDDoS-F 7.2.1-7.2.2 A improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiDDoS-F 7.2.1 through 7.2.2 may allow attacker to execute unauthorized code or commands via sending crafted HTTP requests
Fortiddos F
CVE-2026-22828 Apr 14, 2026
Heap Overflow in Fortinet FortiAnalyzer/Manager Cloud 7.6.4 A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer Cloud 7.6.2 through 7.6.4, FortiManager Cloud 7.6.2 through 7.6.4 may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. Successful exploitation would require a large amount of effort in preparation because of ASLR and network segmentation
Fortianalyzercloud
Fortimanagercloud
CVE-2025-61886 Apr 14, 2026
FortiSandbox 5.0.0-5.0.4 XSS via Input in Web Page Gen (CWE-79) An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox PaaS 5.0.0 through 5.0.4 may allow an attacker to perform an XSS attack via crafted HTTP requests.
Fortisandboxpaas
Fortisandbox
CVE-2026-22573 Apr 14, 2026
Path traversal via File Content Extract in FortiSOAR PaaS <7.7 An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5 all versions, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5 all versions, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to perform path traversal attack via File Content Extraction actions.
Fortisoaron Premise
Fortisoarpaas
CVE-2026-39810 Apr 14, 2026
Hardcoded Crypto Key in FortiClientEMS 7.4.07.4.5 Enables Info Disclosure A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 may allow attacker to information disclosure via decrypting database dump.
Forticlientems
CVE-2026-39811 Apr 14, 2026
FortiWeb 7.x-8.0.3 Integer Overflow DoS A integer overflow or wraparound vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow attacker to denial of service via <insert attack vector here>
FortiWeb
CVE-2024-23104 Apr 14, 2026
FortiNDR 7.6 & 7.4.07.4.8 Info Leak via HTTP ReadOnly Auth An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiVoice 7.0.0 through 7.0.1 may allow a remote authenticated attacker with at least read-only permission on system maintenance to access backup information via crafted HTTP requests
Fortivoice
Fortindr
CVE-2026-23708 Apr 14, 2026
Improper Auth. in FortiSOAR 7.57.6.3 via 2FA Replay A improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through 7.5.2 may allow an unauthenticated attacker to bypass authentication via replaying captured 2FA request. The attack requires being able to intercept and decrypt authentication traffic and precise timing to replay the request before token expiration, which raises the attack complexity.
Fortisoarpaas
Fortisoaron Premise
CVE-2026-39812 Apr 14, 2026
FortiSandbox XSS in Web Page Generation (5.0.5) A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox PaaS 5.0.0 through 5.0.5, FortiSandbox PaaS 4.4.0 through 4.4.8, FortiSandbox PaaS 4.2 all versions may allow attacker to execute unauthorized code or commands via <insert attack vector here>
Fortisandbox
Fortisandboxpaas
CVE-2026-39814 Apr 14, 2026
Relative Path Traversal in FortiWeb 8.0.0-8.0.2 Enables Code Exec A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.1 through 7.4.12, FortiWeb 7.2.7 through 7.2.12, FortiWeb 7.0.10 through 7.0.12 may allow attacker to execute unauthorized code or commands via <insert attack vector here>
FortiWeb
CVE-2026-25691 Apr 14, 2026
FortiSandbox 4.2-5.0.5 Path Traversal Enables Privileged Directory Delete via CLI A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to delete an arbitrary directory via HTTP crafted requests.
Fortisandboxpaas
Fortisandboxcloud
Fortisandbox
And others...
CVE-2025-59809 Apr 14, 2026
FortiSOAR 7.x SSRF (CWE-918) Before 7.6.4 Allowed Auth Attacker A server-side request forgery (ssrf) vulnerability [CWE-918] vulnerability in Fortinet FortiSOAR PaaS 7.6.4, FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.4, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated attacker to discover services running on local ports via crafted requests.
Fortisoaron Premise
Fortisoarpaas
CVE-2026-22155 Apr 14, 2026
FortiSOAR 7.3-7.6.3 Cleartxt Sensitive Data Exposure A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow attacker to information disclosure via <insert attack vector here>
Fortisoaron Premise
Fortisoarpaas
CVE-2026-21742 Apr 14, 2026
Cleartext Password Exposure in FortiSOAR 7.47.6.3 PaaS/OnPrem A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated attacker to view cleartext password in response for Secure Message Exchange and Radius queries, if configured
Fortisoarpaas
Fortisoaron Premise
CVE-2026-22574 Apr 14, 2026
FortiSOAR 7.4-7.6.4 LDAP: Authenticated Password Disclosure A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to retrieve Service account password via server address modification in LDAP configuration.
Fortisoarpaas
Fortisoaron Premise
CVE-2026-22154 Apr 14, 2026
FortiSOAR PaaS/On-Prem XSS in Web UI <=7.6.3 via Malformed Input An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to perform a stored cross site scripting (XSS) attack via crafted HTTP Requests.
Fortisoarpaas
Fortisoaron Premise
CVE-2026-22576 Apr 14, 2026
Recoverable Passwords in Fortinet FortiSOAR PaaS & On-Prem 7.3-7.6.4 A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to retrieve passwords for multiple installed connectors via server address modification in connector configuration.
Fortisoarpaas
Fortisoaron Premise
CVE-2025-53847 Apr 14, 2026
FortiOS 6.2.9-7.6.3 Missing Auth Vulnerability A missing authentication for critical function vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4 all versions, FortiOS 6.2.9 through 6.2.17 allows attacker to execute unauthorized code or commands via specially crafted packets.
FortiOS
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.