CVE-2026-59840 vulnerability in Fortinet Products
Published on July 14, 2026
A buffer over-read vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiProxy 7.6.0 through 7.6.5, FortiProxy 7.4.0 through 7.4.13, FortiProxy 7.2 all versions may allow attacker to information disclosure via <insert attack vector here>
Vulnerability Analysis
CVE-2026-59840 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Weakness Type
Buffer Over-read
The software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer. This typically occurs when the pointer or its index is incremented to a position beyond the bounds of the buffer or when pointer arithmetic results in a position outside of the valid memory location to name a few. This may result in exposure of sensitive information or possibly a crash.
Products Associated with CVE-2026-59840
Want to know whenever a new CVE is published for Fortinet products? stack.watch will email you.
Affected Versions
Fortinet FortiOS:- Version 7.6.0, <= 7.6.2 is affected.
- Version 7.4.0, <= 7.4.8 is affected.
- Version 7.2.0, <= 7.2.13 is affected.
- Version 7.0.0, <= 7.0.19 is affected.
- Version 6.4.0, <= 6.4.16 is affected.
- Version 1.7.0 is affected.
- Version 1.6.0, <= 1.6.2 is affected.
- Version 1.5.0, <= 1.5.1 is affected.
- Version 1.4.0, <= 1.4.3 is affected.
- Version 1.3.0, <= 1.3.1 is affected.
- Version 1.2.0 is affected.
- Version 1.1.0, <= 1.1.2 is affected.
- Version 1.0.0, <= 1.0.3 is affected.
- Version 7.2.0, <= 7.2.7 is affected.
- Version 7.0.0, <= 7.0.6 is affected.
- Version 7.6.0, <= 7.6.5 is affected.
- Version 7.4.0, <= 7.4.13 is affected.
- Version 7.2.0, <= 7.2.16 is affected.
- Version 7.0.0, <= 7.0.23 is affected.