CVE-2026-59837 vulnerability in Fortinet Products
Published on July 14, 2026
A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2 all versions, FortiPAM 1.8.0 through 1.8.2, FortiPAM 1.7 all versions, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 through 7.4.13, FortiProxy 7.2 all versions may allow a privileged authenticated attacker who can bypass stack protection and ASLR to execute arbitrary code or commands via crafted HTTP requests.
Vulnerability Analysis
CVE-2026-59837 can be exploited with network access, and requires user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
What is a Stack Overflow Vulnerability?
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CVE-2026-59837 has been classified to as a Stack Overflow vulnerability or weakness.
Products Associated with CVE-2026-59837
Want to know whenever a new CVE is published for Fortinet products? stack.watch will email you.
Affected Versions
Fortinet FortiPAM:- Version 1.8.0, <= 1.8.2 is affected.
- Version 1.7.0, <= 1.7.2 is affected.
- Version 1.6.0, <= 1.6.2 is affected.
- Version 1.5.0, <= 1.5.1 is affected.
- Version 1.4.0, <= 1.4.3 is affected.
- Version 1.3.0, <= 1.3.1 is affected.
- Version 1.2.0 is affected.
- Version 1.1.0, <= 1.1.2 is affected.
- Version 1.0.0, <= 1.0.3 is affected.
- Version 26.1.1, <= 26.1.2 is affected.
- Version 7.4.0, <= 7.4.13 is affected.
- Version 7.2.0, <= 7.2.16 is affected.
- Version 7.4.0, <= 7.4.1 is affected.
- Version 7.2.0, <= 7.2.13 is affected.
- Version 7.0.0, <= 7.0.19 is affected.
- Version 6.4.0, <= 6.4.16 is affected.