Heap Overflow in Fortinet FortiAnalyzer/Manager Cloud 7.6.4
CVE-2026-22828 Published on April 14, 2026
A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer Cloud 7.6.2 through 7.6.4, FortiManager Cloud 7.6.2 through 7.6.4 may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. Successful exploitation would require a large amount of effort in preparation because of ASLR and network segmentation
Vulnerability Analysis
CVE-2026-22828 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Products Associated with CVE-2026-22828
stack.watch emails you whenever new vulnerabilities are published in Fortinet Fortianalyzercloud or Fortinet Fortimanagercloud. Just hit a watch button to start following.
Affected Versions
Fortinet FortiAnalyzer Cloud:- Version 7.6.2, <= 7.6.4 is affected.
- Version 7.6.2, <= 7.6.4 is affected.