Fortinet (network security vendor)

Products by Fortinet Sorted by Most Security Vulnerabilities since 2018

Fortinet FortiOS: 243 vulnerabilities
Fortinet FortiProxy: 119 vulnerabilities
Fortinet FortiWeb: 116 vulnerabilities
Fortinet FortiManager: 111 vulnerabilities
Fortinet Fortianalyzer: 92 vulnerabilities
Fortinet FortiClient: 76 vulnerabilities
Fortinet Fortisandbox: 57 vulnerabilities
Fortinet Fortiportal: 46 vulnerabilities
Fortinet Fortiadc: 44 vulnerabilities
Fortinet Fortimail: 41 vulnerabilities
Fortinet Fortinac: 30 vulnerabilities
Fortinet Fortisiem: 27 vulnerabilities
Fortinet Fortipam: 26 vulnerabilities
Fortinet Fortivoice: 25 vulnerabilities
Fortinet Fortisoar: 24 vulnerabilities
Fortinet Fortiwlm: 23 vulnerabilities
Fortinet Fortiswitchmanager: 19 vulnerabilities
Fortinet Fortimanager Cloud: 19 vulnerabilities
Fortinet Forticlientems: 17 vulnerabilities
Fortinet Fortiauthenticator: 16 vulnerabilities
Fortinet Fortitester: 16 vulnerabilities
Fortinet Fortirecorder: 15 vulnerabilities
Fortinet Fortiswitch: 12 vulnerabilities
Fortinet Fortisoar on Premise: 12 vulnerabilities
Fortinet Fortinac F: 12 vulnerabilities
Fortinet Fortimanagercloud: 12 vulnerabilities
Fortinet Fortindr: 11 vulnerabilities
Fortinet Fortiwan: 11 vulnerabilities
Fortinet Forticlientwindows: 10 vulnerabilities
Fortinet Fortisase: 10 vulnerabilities
Fortinet Fortisoarpaas: 10 vulnerabilities
Fortinet Fortiisolator: 10 vulnerabilities
Fortinet Fortianalyzer Cloud: 10 vulnerabilities
Fortinet Fortideceptor: 9 vulnerabilities
Fortinet Fortiwlc: 9 vulnerabilities
Fortinet Fortianalyzercloud: 9 vulnerabilities
Fortinet Fortiddos F: 8 vulnerabilities
Fortinet Fortiddos: 7 vulnerabilities
Fortinet Fortiap W2: 6 vulnerabilities
Fortinet Fortisandboxcloud: 5 vulnerabilities
Fortinet Forticlientmac: 5 vulnerabilities
Fortinet Fortiwebmanager: 5 vulnerabilities
Fortinet Fortiap S: 5 vulnerabilities
Fortinet Fortisandboxpaas: 5 vulnerabilities
Fortinet Fortiap: 5 vulnerabilities
Fortinet Fortiaiops: 4 vulnerabilities
Fortinet Fortisra: 4 vulnerabilities
Fortinet Fortidlp: 4 vulnerabilities
Fortinet Fortios 6k7k: 3 vulnerabilities
Fortinet Fortiextender: 3 vulnerabilities
Fortinet Fortiswitchaxfixed: 2 vulnerabilities
Fortinet Forticamera: 2 vulnerabilities
Fortinet Forticlientlinux: 2 vulnerabilities
Fortinet Fortiddos Cm: 1 vulnerability
Fortinet Fortiedrmanager: 1 vulnerability
Fortinet Forticlientios: 1 vulnerability
Fortinet Fortiadcmanager: 1 vulnerability

Known Exploited Fortinet Vulnerabilities

The following Fortinet vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.

Fortinet SQL Injection Vulnerability (CVE-2026-21643; added to KEV April 13, 2026; EPSS exploit probability 38.2%)
Fortinet FortiClient EMS contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

Fortinet FortiClient EMS Improper Access Control Vulnerability (CVE-2026-35616; added to KEV April 6, 2026; EPSS exploit probability 25.3%)
Fortinet FortiClient EMS contains an improper access control vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.

Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability (CVE-2026-24858; added to KEV January 27, 2026; EPSS exploit probability 2.3%)
Fortinet FortiAnalyzer, FortiManager, FortiOS, and FortiProxy contain an authentication bypass using an alternate path or channel that could allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.

Fortinet Multiple Products Improper Verification of Cryptographic Signature Vulnerability (CVE-2025-59718; added to KEV December 16, 2025; EPSS exploit probability 7.6%)
Fortinet FortiOS, FortiSwitchMaster, FortiProxy, and FortiWeb contain an improper verification of cryptographic signature vulnerability that may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML message. Please be aware that CVE-2025-59719 pertains to the same problem and is mentioned in the same vendor advisory. Ensure that all patches mentioned in the advisory are applied.

Fortinet FortiWeb OS Command Injection Vulnerability (CVE-2025-58034; added to KEV November 18, 2025; EPSS exploit probability 42.9%)
Fortinet FortiWeb contains an OS command injection vulnerability that may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands.

Fortinet FortiWeb Path Traversal Vulnerability (CVE-2025-64446; added to KEV November 14, 2025; EPSS exploit probability 93.1%)
Fortinet FortiWeb contains a relative path traversal vulnerability that may allow an unauthenticated attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.

Fortinet FortiWeb SQL Injection Vulnerability (CVE-2025-25257; added to KEV July 18, 2025; EPSS exploit probability 17.2%)
Fortinet FortiWeb contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPS requests.

Fortinet FortiOS Use of Hard-Coded Credentials Vulnerability (CVE-2019-6693; added to KEV June 25, 2025; EPSS exploit probability 72.2%)
Fortinet FortiOS contains a use of hard-coded credentials vulnerability that could allow an attacker to cipher sensitive data in the FortiOS configuration backup file via knowledge of the hard-coded key.

Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability (CVE-2025-32756; added to KEV May 14, 2025; EPSS exploit probability 41.6%)
Fortinet FortiFone, FortiVoice, FortiNDR and FortiMail contain a stack-based overflow vulnerability that may allow a remote unauthenticated attacker to execute arbitrary code or commands via crafted HTTP requests.

Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability (CVE-2025-24472; added to KEV March 18, 2025; EPSS exploit probability 10.1%)
Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that allows a remote attacker to gain super-admin privileges via crafted CSF proxy requests.

Fortinet FortiOS Authorization Bypass Vulnerability (CVE-2024-55591; added to KEV January 14, 2025; EPSS exploit probability 94.2%)
Fortinet FortiOS contains an authorization bypass vulnerability that may allow an unauthenticated remote attacker to gain super-admin privileges via crafted requests to the Node.js websocket module.

Fortinet FortiManager Missing Authentication Vulnerability (CVE-2024-47575; added to KEV October 23, 2024; EPSS exploit probability 93.8%)
Fortinet FortiManager contains a missing authentication vulnerability in the fgfmd daemon that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.

Fortinet Multiple Products Format String Vulnerability (CVE-2024-23113; added to KEV October 9, 2024; EPSS exploit probability 57.5%)
Fortinet FortiOS, FortiPAM, FortiProxy, and FortiWeb contain a format string vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.

Fortinet FortiClient EMS SQL Injection Vulnerability (CVE-2023-48788; added to KEV March 25, 2024; EPSS exploit probability 94.1%)
Fortinet FortiClient EMS contains a SQL injection vulnerability that allows an unauthenticated attacker to execute commands as SYSTEM via specifically crafted requests.

Fortinet FortiOS Out-of-Bound Write Vulnerability (CVE-2024-21762; added to KEV February 9, 2024; EPSS exploit probability 92.7%)
Fortinet FortiOS contains an out-of-bound write vulnerability that allows a remote unauthenticated attacker to execute code or commands via specially crafted HTTP requests.

Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability (CVE-2023-27997; added to KEV June 13, 2023; EPSS exploit probability 89.1%)
Fortinet FortiOS and FortiProxy SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute code or commands via specifically crafted requests.

Fortinet FortiOS Path Traversal Vulnerability (CVE-2022-41328; added to KEV March 14, 2023; EPSS exploit probability 0.3%)
Fortinet FortiOS contains a path traversal vulnerability that may allow a local privileged attacker to read and write files via crafted CLI commands.

Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability (CVE-2022-42475; added to KEV December 13, 2022; EPSS exploit probability 94.0%)
Multiple versions of Fortinet FortiOS SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute arbitrary code or commands via specifically crafted requests.

Fortinet Multiple Products Authentication Bypass Vulnerability (CVE-2022-40684; added to KEV October 11, 2022; EPSS exploit probability 94.4%)
Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.

Fortinet FortiOS and FortiADC Improper Access Control Vulnerability (CVE-2018-13374; added to KEV September 8, 2022; EPSS exploit probability 3.8%)
Fortinet FortiOS and FortiADC contain an improper access control vulnerability which allows attackers to obtain the LDAP server login credentials configured in FortiGate by pointing an LDAP server connectivity test request to a rogue LDAP server.

Of the known exploited vulnerabilities above, 8 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. 7 known exploited Fortinet vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.

Top 10 Riskiest Fortinet Vulnerabilities

Based on the current exploit probability, these Fortinet vulnerabilities are on CISA's Known Exploited vulnerabilities list (KEV) and are ranked by the current EPSS exploit probability.

Rank CVE EPSS Vulnerability
1 CVE-2018-13379 94.5% Fortinet FortiOS SSL VPN credential exposure vulnerability
2 CVE-2022-40684 94.4% Fortinet Multiple Products Authentication Bypass Vulnerability
3 CVE-2024-55591 94.2% Fortinet FortiOS Authorization Bypass Vulnerability
4 CVE-2023-48788 94.1% Fortinet FortiClient EMS SQL Injection Vulnerability
5 CVE-2022-42475 94.0% Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability
6 CVE-2024-47575 93.8% Fortinet FortiManager Missing Authentication Vulnerability
7 CVE-2025-64446 93.1% Fortinet FortiWeb Path Traversal Vulnerability
8 CVE-2024-21762 92.7% Fortinet FortiOS Out-of-Bound Write Vulnerability
9 CVE-2023-27997 89.1% Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability
10 CVE-2018-13382 85.3% Fortinet FortiOS and FortiProxy Improper Authorization

By the Year

In 2026 there have been 67 vulnerabilities in Fortinet products with an average score of 6.0 out of ten. Last year, in 2025, Fortinet had 235 security vulnerabilities published. Right now, Fortinet is on track to have fewer security vulnerabilities in 2026 than it did last year. Last year, the average CVE base score was greater by 0.33.

Year Vulnerabilities Average Score
2026 67 5.99
2025 235 6.32
2024 122 7.07
2023 197 7.03
2022 104 7.03
2021 120 6.93
2020 42 6.65
2019 37 6.78
2018 17 6.13

It may take a day or so for new Fortinet vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Fortinet Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-40688 Apr 14, 2026
FortiWeb <=8.0.3 OOB Write Unauthorized Code Execution An out-of-bounds write vulnerability [CWE-787] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow a remote privileged attacker to execute arbitrary code or command via crafted HTTP requests.
FortiWeb
CVE-2025-61624 Apr 14, 2026
Fortinet FortiOS/Proxy Path Traversal CVE202561624 (7.6.4) An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [CWE-22] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.7.0, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.11, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiSwitchManager 7.2.0 through 7.2.7, FortiSwitchManager 7.0.0 through 7.0.6 may allow an authenticated attacker with admin profile and at least read-write permissions to write or delete arbitrary files via specific CLI commands.
FortiOS
FortiProxy
Fortiswitchmanager
And others...
CVE-2025-68649 Apr 14, 2026
FortiAnalyzer/Manager path traversal allows privileged file delete via CLI An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.7, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4.0 through 7.4.7, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions may allow a privileged attacker to delete files from the underlying filesystem via crafted CLI requests.
Fortimanagercloud
FortiManager
Fortianalyzer
And others...
CVE-2026-21741 Apr 14, 2026
FortiNAC-F 7.6.0-7.6.5, 7.4, 7.2: Open Redirect via CSV (CWE-601) An URL Redirection to Untrusted Site ('Open Redirect') vulnerability [CWE-601] vulnerability in Fortinet FortiNAC-F 7.6.0 through 7.6.5, FortiNAC-F 7.4 all versions, FortiNAC-F 7.2 all versions may allow a remote privileged attacker with system administrator role to redirect users to an arbitrary website via crafted CSV file.
Fortinac F
CVE-2026-39813 Apr 14, 2026
FortiSandbox 4.4.x-5.0.x Path Traversal (../filedir) Privilege Escalation A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8 may allow attacker to escalation of privilege via <insert attack vector here>
Fortisandbox
Fortisandboxcloud
CVE-2025-61848 Apr 14, 2026
FortiAnalyzer/FortiManager SQLi via JSON RPC API (7.0-7.6.4) An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.8, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4.0 through 7.4.8, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions may allow a privileged authenticated attacker to execute unauthorized code or commands via JSON RPC API
FortiManager
Fortianalyzer
Fortimanagercloud
And others...
CVE-2026-39815 Apr 14, 2026
SQLi in FortiDDoS-F 7.2.1-7.2.2 A improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiDDoS-F 7.2.1 through 7.2.2 may allow attacker to execute unauthorized code or commands via sending crafted HTTP requests
Fortiddos F
CVE-2026-22828 Apr 14, 2026
Heap Overflow in Fortinet FortiAnalyzer/Manager Cloud 7.6.4 A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer Cloud 7.6.2 through 7.6.4, FortiManager Cloud 7.6.2 through 7.6.4 may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. Successful exploitation would require a large amount of effort in preparation because of ASLR and network segmentation
Fortianalyzercloud
Fortimanagercloud
CVE-2026-22573 Apr 14, 2026
Path traversal via File Content Extract in FortiSOAR PaaS <7.7 An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5 all versions, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5 all versions, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to perform path traversal attack via File Content Extraction actions.
Fortisoaron Premise
Fortisoarpaas
CVE-2025-61886 Apr 14, 2026
FortiSandbox 5.0.0-5.0.4 XSS via Input in Web Page Gen (CWE-79) An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox PaaS 5.0.0 through 5.0.4 may allow an attacker to perform an XSS attack via crafted HTTP requests.
Fortisandboxpaas
Fortisandbox
CVE-2026-39810 Apr 14, 2026
Hardcoded Crypto Key in FortiClientEMS 7.4.07.4.5 Enables Info Disclosure A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 may allow attacker to information disclosure via decrypting database dump.
Forticlientems
CVE-2026-39811 Apr 14, 2026
FortiWeb 7.x-8.0.3 Integer Overflow DoS A integer overflow or wraparound vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow attacker to denial of service via <insert attack vector here>
FortiWeb
CVE-2024-23104 Apr 14, 2026
FortiNDR 7.6 & 7.4.07.4.8 Info Leak via HTTP ReadOnly Auth An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiVoice 7.0.0 through 7.0.1 may allow a remote authenticated attacker with at least read-only permission on system maintenance to access backup information via crafted HTTP requests
Fortivoice
Fortindr
CVE-2026-39812 Apr 14, 2026
FortiSandbox XSS in Web Page Generation (5.0.5) A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox PaaS 5.0.0 through 5.0.5, FortiSandbox PaaS 4.4.0 through 4.4.8, FortiSandbox PaaS 4.2 all versions may allow attacker to execute unauthorized code or commands via <insert attack vector here>
Fortisandbox
Fortisandboxpaas
CVE-2026-23708 Apr 14, 2026
Improper Auth. in FortiSOAR 7.57.6.3 via 2FA Replay A improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through 7.5.2 may allow an unauthenticated attacker to bypass authentication via replaying captured 2FA request. The attack requires being able to intercept and decrypt authentication traffic and precise timing to replay the request before token expiration, which raises the attack complexity.
Fortisoarpaas
Fortisoaron Premise
CVE-2026-39814 Apr 14, 2026
Relative Path Traversal in FortiWeb 8.0.0-8.0.2 Enables Code Exec A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.1 through 7.4.12, FortiWeb 7.2.7 through 7.2.12, FortiWeb 7.0.10 through 7.0.12 may allow attacker to execute unauthorized code or commands via <insert attack vector here>
FortiWeb
CVE-2026-25691 Apr 14, 2026
FortiSandbox 4.2-5.0.5 Path Traversal Enables Privileged Directory Delete via CLI A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to delete an arbitrary directory via HTTP crafted requests.
Fortisandboxpaas
Fortisandboxcloud
Fortisandbox
And others...
CVE-2025-59809 Apr 14, 2026
FortiSOAR 7.x SSRF (CWE-918) Before 7.6.4 Allowed Auth Attacker A server-side request forgery (ssrf) vulnerability [CWE-918] vulnerability in Fortinet FortiSOAR PaaS 7.6.4, FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.4, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated attacker to discover services running on local ports via crafted requests.
Fortisoaron Premise
Fortisoarpaas
CVE-2026-22155 Apr 14, 2026
FortiSOAR 7.3-7.6.3 Cleartxt Sensitive Data Exposure A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow attacker to information disclosure via <insert attack vector here>
Fortisoaron Premise
Fortisoarpaas
CVE-2026-21742 Apr 14, 2026
Cleartext Password Exposure in FortiSOAR 7.47.6.3 PaaS/OnPrem A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated attacker to view cleartext password in response for Secure Message Exchange and Radius queries, if configured
Fortisoarpaas
Fortisoaron Premise
CVE-2026-22574 Apr 14, 2026
FortiSOAR 7.4-7.6.4 LDAP: Authenticated Password Disclosure A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to retrieve Service account password via server address modification in LDAP configuration.
Fortisoarpaas
Fortisoaron Premise
CVE-2026-22154 Apr 14, 2026
FortiSOAR PaaS/On-Prem XSS in Web UI <=7.6.3 via Malformed Input An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to perform a stored cross site scripting (XSS) attack via crafted HTTP Requests.
Fortisoarpaas
Fortisoaron Premise
CVE-2026-22576 Apr 14, 2026
Recoverable Passwords in Fortinet FortiSOAR PaaS & On-Prem 7.3-7.6.4 A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to retrieve passwords for multiple installed connectors via server address modification in connector configuration.
Fortisoarpaas
Fortisoaron Premise
CVE-2025-53847 Apr 14, 2026
FortiOS 6.2.9-7.6.3 Missing Auth Vulnerability A missing authentication for critical function vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4 all versions, FortiOS 6.2.9 through 6.2.17 allows attacker to execute unauthorized code or commands via specially crafted packets.
FortiOS
CVE-2026-39808 Apr 14, 2026
FortiSandbox 4.4.0-4.4.8 OS Command Injection Vulnerability A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow attacker to execute unauthorized code or commands via <insert attack vector here>
Fortisandbox
Fortisandboxpaas
CVE-2026-27316 Apr 14, 2026
Fortinet FortiSandbox 4.4-5.0.5 LDAP cred leak via client-side inspection A insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4 all versions, FortiSandbox PaaS 5.0.1 through 5.0.5 may allow an authenticathed administrator to read LDAP server credentials via client-side inspection.
Fortisandbox
Fortisandboxpaas
CVE-2026-39809 Apr 14, 2026
FortiClientEMS 7.0-7.4 SQLi: Exec code via special element neutralization A improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5, FortiClientEMS 7.2.0 through 7.2.12, FortiClientEMS 7.0 all versions may allow attacker to execute unauthorized code or commands via sending crafted requests
Forticlientems
CVE-2026-35616 Apr 04, 2026
FortiClientEMS 7.4.5-7.4.6 Improper Access Control Exploit via Crafted Requests A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.
Forticlientems
CVE-2025-66178 Mar 10, 2026
FortiWeb OS Command Injection (CVE-2025-66178) 7.0-8.0 (pre-8.0.2) A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2.0 through 7.2.12, FortiWeb 7.0.0 through 7.0.12 may allow an authenticated attacked to execute arbitrary commands via a specialy crafted HTTP request.
FortiWeb
CVE-2025-54659 Mar 10, 2026
Path Traversal CVE-2025-54659 in FortiSOAR Agent Comm Bridge <1.1.0 An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] vulnerability in Fortinet FortiSOAR Agent Communication Bridge 1.1.0, FortiSOAR Agent Communication Bridge 1.0 all versions may allow an unauthenticated attacker to read files accessible to the fortisoar user on a system where the agent is deployed, via sending a crafted request to the agent port.
Fortisoaragentcommunicationbridge
CVE-2026-24641 Mar 10, 2026
FortiWeb <=8.2 NULL Ptr Crash via HTTP A NULL Pointer Dereference vulnerability [CWE-476] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an authenticated attacker to crash the HTTP daemon via crafted HTTP requests.
FortiWeb
CVE-2026-24640 Mar 10, 2026
FortiWeb 78 Stack Overflows: Remote Code Execution via HTTP (Pre-8.0.3) A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0.2 through 7.0.12 may allow a remote authenticated attacker who can bypass stack protection and ASLR to execute arbitrary code or commands via crafted HTTP requests.
FortiWeb
CVE-2026-24017 Mar 10, 2026
FortiWeb 7.0-8.0 Auth Rate-Limit Bypass (CWE-799) An Improper Control of Interaction Frequency vulnerability [CWE-799] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to bypass the authentication rate-limit via crafted requests. The success of the attack depends on the attacker's resources and the password target complexity.
FortiWeb
CVE-2026-25972 Mar 10, 2026
XSS in FortiSIEM 7.3-7.4 Web Page Generation An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4 may allow a remote unauthenticated attacker to provide arbitrary data enabling a social engineering attack via spoofed URL parameters.
Fortisiem
CVE-2026-22629 Mar 10, 2026
FortiAnalyzer/Manager 7.x/Cloud auth bypass via race condition (CVE-2026-22629) An improper restriction of excessive authentication attempts vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4 all versions, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4 all versions, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4 all versions, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4 all versions, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions, FortiManager Cloud 6.4 all versions may allow an attacker to bypass bruteforce protections via exploitation of race conditions. The latter raises the complexity of practical exploitation.
Fortianalyzer
Fortianalyzercloud
FortiManager
And others...
CVE-2025-48418 Mar 10, 2026
Fortinet FortiAnalyzer/Manager 7.x6.4 Priv Esc via Hidden CLI Cmd A hidden functionality vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.0 through 7.2.10, FortiAnalyzer 7.0.0 through 7.0.14, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.2, FortiAnalyzer Cloud 7.4.1 through 7.4.7, FortiAnalyzer Cloud 7.2.1 through 7.2.10, FortiAnalyzer Cloud 7.0.1 through 7.0.14, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.6.0 through 7.6.3, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2.0 through 7.2.10, FortiManager 7.0.0 through 7.0.14, FortiManager 6.4 all versions, FortiManager Cloud 7.6.2 through 7.6.3, FortiManager Cloud 7.4.1 through 7.4.7, FortiManager Cloud 7.2.1 through 7.2.10, FortiManager Cloud 7.0.1 through 7.0.14, FortiManager Cloud 6.4 all versions may allow a remote authenticated read-only admin with CLI access to escalate their privilege via use of a hidden command.
Fortianalyzer
Fortianalyzercloud
FortiManager
And others...
CVE-2025-68482 Mar 10, 2026
FortiAnalyzer/Manager Cert Validation Flaw 7.x & 6.x MitM A improper certificate validation vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to view confidential information via a man in the middle [MiTM] attack.
Fortianalyzer
FortiManager
Fortimanagercloud
And others...
CVE-2025-49784 Mar 10, 2026
FortiAnalyzer SQLi in 7.6.0-7.6.4/7.4.0-7.4.7/7.2+ (Auth Req.)
An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer-BigData 7.6.0, FortiAnalyzer-BigData 7.4.0 through 7.4.4, FortiAnalyzer-BigData 7.2 all versions, FortiAnalyzer-BigData 7.0 all versions, FortiAnalyzer-BigData 6.4 all versions, FortiAnalyzer-BigData 6.2 all versions may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted requests.
Fortianalyzer Bigdata
Fortianalyzer
CVE-2026-22572 Mar 10, 2026
FortiAnalyzer & FortiManager Auth bypass via crafted requests, v7.2-7.6
An authentication bypass using an alternate path or channel vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.2 through 7.2.11, FortiManager 7.6.0 through 7.6.3, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2.2 through 7.2.11 may allow an attacker with knowledge of the admin's password to bypass multi-factor authentication checks via submitting multiple crafted requests.
Fortimanagercloud
FortiManager
Fortianalyzercloud
And others...
CVE-2025-68648 Mar 10, 2026
Format String Privilege Escalation in FortiAnalyzer/Manager 7.0-7.6.4
A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.7, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4.0 through 7.4.7, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions may allow an attacker to escalate their privileges via specially crafted requests.
Fortimanagercloud
Fortianalyzer
FortiManager
And others...
CVE-2026-25689 Mar 10, 2026
FortiDeceptor 6.x Arg Injection via CLI HTTP Requests Allows Deleting Files (CVE-2026-25689)
An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDeceptor 6.2.0, FortiDeceptor 6.0 all versions, FortiDeceptor 5.3 all versions, FortiDeceptor 5.2 all versions, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions, FortiDeceptor 4.3 all versions, FortiDeceptor 4.2 all versions, FortiDeceptor 4.1 all versions, FortiDeceptor 4.0 all versions may allow a privileged attacker with a super-admin profile and CLI access to delete sensitive files via crafted HTTP requests.
Fortideceptor
CVE-2025-53608 Mar 10, 2026
XSS in FortiSandbox 5.0.0-5.0.2 (Auth) - Improper Input Neutralization
An improper neutralization of input during web page generation ('cross-site scripting') vulnerability [CWE-79] in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated privileged attacker to execute code via crafted requests.
Fortisandbox
CVE-2026-24018 Mar 10, 2026
FortiClientLinux Symlink Escalation Vulnerability (7.4.0-7.4.4, 7.2.2-7.2.12)
A UNIX symbolic link (symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4, FortiClientLinux 7.2.2 through 7.2.12 may allow a local and unprivileged user to escalate their privileges to root.
Forticlientlinux
CVE-2025-48840 Mar 10, 2026
FortiWeb Auth Bypass via Hostname Spoofing CVE-2025-48840
An authentication bypass by spoofing vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.8, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote unauthenticated attacker to bypass hostname restrictions via a specially crafted request.
FortiWeb
CVE-2026-22627 Mar 10, 2026
Unprivileged Buffer Overflow via LLDP in FortiSwitch AX 1.0.x
A buffer copy without checking size of input ('classic buffer overflow') vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may allow an unauthenticated attacker on the adjacent network to execute unauthorized code or commands on the device via sending a crafted LLDP packet.
Fortiswitchaxfixed
CVE-2025-54820 Mar 10, 2026
FortiManager 7.4.0-7.4.2 Stack Buffer Overflow CVE-2025-54820
A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.10, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to execute unauthorized commands via crafted requests, if the service is enabled. The success of the attack depends on the ability to bypass the stack protection mechanisms.
FortiManager
CVE-2025-55717 Mar 10, 2026
Fortinet FortiMail Cleartext Sensitive Info Leak CVE-2025-55717
A cleartext storage of sensitive information vulnerability [CWE-312] in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0 all versions, FortiRecorder 6.4 all versions, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6 may allow an authenticated malicious administrator to obtain users' secrets via CLI commands. Practical exploitability is limited by conditions outside the attacker's control: an admin must log in to the targeted device.
Fortivoice
Fortimail
Fortirecorder
And others...
CVE-2026-25836 Mar 10, 2026
FortiSandbox Cloud 5.0.4 OS Command Injection via HTTP (RTD)
An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSandbox Cloud 5.0.4 may allow a privileged attacker with a super-admin profile and CLI access to execute unauthorized code or commands via crafted HTTP requests.
Fortisandboxcloud
CVE-2026-30897 Mar 10, 2026
FortiWeb 8.0-8.0.3, 7.6.0-7.6.6, 7.4.0-7.4.11, 7.2, 7.0 buffer overflow RCE
A stack-based buffer overflow vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote authenticated attacker who can bypass stack protection and ASLR to execute arbitrary code or commands via crafted HTTP requests.
FortiWeb
CVE-2026-22628 Mar 10, 2026
FortiSwitchAXFixed 1.0.0-1.0.1 SSH Config Command Injection
An improper access control vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may allow an authenticated admin to execute system commands via a specifically crafted SSH config file.
Fortiswitchaxfixed
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).