    365 vulnerabilities found for FortiWeb by Fortinet

    CERTFR-2026-AVI-0440

    Vulnerability from certfr_avis - Published: 2026-04-15 - Updated: 2026-04-15

    Multiple vulnerabilities have been discovered in Fortinet products. Some of them allow an attacker to cause remote arbitrary code execution, privilege escalation and a remote denial of service.

    Solutions

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor Product Description
    Fortinet FortiSOAR FortiSOAR on-premise versions 7.6.x prior to 7.6.5 with File Content Extraction Connector versions prior to 1.3.1
    Fortinet FortiNDR FortiNDR versions 7.x prior to 7.4.9
    Fortinet FortiNAC FortiNAC-F versions 7.6.x prior to 7.6.6
    Fortinet FortiAnalyzer FortiAnalyzer versions 7.6.x prior to 7.6.5
    Fortinet FortiManager FortiManager Cloud versions 7.x prior to 7.4.9
    Fortinet FortiWeb FortiWeb versions 7.x prior to 7.6.7
    Fortinet FortiSwitch FortiSwitchManager versions 7.0.x prior to 7.0.7
    Fortinet FortiSOAR FortiSOAR PaaS versions 7.3.x, 7.4.x and 7.5.x prior to 7.5.3 with File Content Extraction Connector versions prior to 1.3.1
    Fortinet FortiNDR FortiNDR versions 7.6.x prior to 7.6.1
    Fortinet FortiSandbox FortiSandbox PaaS versions 5.0.x prior to 5.0.6
    Fortinet FortiManager FortiManager Cloud versions 7.6.x prior to 7.6.5
    Fortinet FortiSandbox FortiSandbox versions 5.0.x prior to 5.0.6
    Fortinet FortiOS FortiOS versions prior to 7.4.10
    Fortinet FortiDDoS FortiDDoS-F versions 7.2.x prior to 7.2.3
    Fortinet FortiAnalyzer FortiAnalyzer versions 7.x prior to 7.4.9
    Fortinet FortiManager FortiManager versions 7.6.x prior to 7.6.5
    Fortinet FortiAnalyzer FortiAnalyzer Cloud versions 7.x prior to 7.4.9
    Fortinet FortiOS FortiOS versions 7.6.x prior to 7.6.5
    Fortinet FortiPAM FortiPAM versions prior to 1.7.1
    Fortinet FortiWeb FortiWeb versions 8.0.x prior to 8.0.4
    Fortinet FortiManager FortiManager versions 7.x prior to 7.4.9
    Fortinet FortiProxy FortiProxy versions 7.x prior to 7.4.12
    Fortinet FortiSOAR FortiSOAR on-premise versions 7.3.x, 7.4.x and 7.5.x prior to 7.5.3 with File Content Extraction Connector versions prior to 1.3.1
    Fortinet FortiSwitch FortiSwitchManager versions 7.2.x prior to 7.2.8
    Fortinet FortiSandbox FortiSandbox PaaS versions 4.2.x and 4.4.x prior to 4.4.9
    Fortinet FortiAnalyzer FortiAnalyzer Cloud versions 7.6.x prior to 7.6.5
    Fortinet FortiProxy FortiProxy versions 7.6.x prior to 7.6.5
    Fortinet FortiClientEMS FortiClientEMS versions 7.x prior to 7.2.13
    Fortinet FortiSandbox FortiSandbox versions 4.2.x and 4.4.x prior to 4.4.9 (this version remains affected by vulnerability CVE-2026-27316)
    Fortinet FortiVoice FortiVoice versions 7.0.x prior to 7.0.2
    Fortinet FortiClientEMS FortiClientEMS versions 7.4.x prior to 7.4.6
    Fortinet FortiSOAR FortiSOAR PaaS versions 7.6.x prior to 7.6.5 with File Content Extraction Connector versions prior to 1.3.1
    References
    Fortinet security bulletin FG-IR-26-111 2026-04-14 vendor-advisory
    Fortinet security bulletin FG-IR-26-110 2026-04-14 vendor-advisory
    Fortinet security bulletin FG-IR-26-101 2026-04-14 vendor-advisory
    Fortinet security bulletin FG-IR-26-120 2026-04-14 vendor-advisory
    Fortinet security bulletin FG-IR-26-105 2026-04-14 vendor-advisory
    Fortinet security bulletin FG-IR-26-106 2026-04-14 vendor-advisory
    Fortinet security bulletin FG-IR-26-102 2026-04-14 vendor-advisory
    Fortinet security bulletin FG-IR-26-114 2026-04-14 vendor-advisory
    Fortinet security bulletin FG-IR-26-107 2026-04-14 vendor-advisory
    Fortinet security bulletin FG-IR-26-109 2026-04-14 vendor-advisory
    Fortinet security bulletin FG-IR-26-115 2026-04-14 vendor-advisory
    Fortinet security bulletin FG-IR-26-119 2026-04-14 vendor-advisory
    Fortinet security bulletin FG-IR-26-103 2026-04-14 vendor-advisory
    Fortinet security bulletin FG-IR-26-108 2026-04-14 vendor-advisory
    Fortinet security bulletin FG-IR-26-125 2026-04-14 vendor-advisory
    Fortinet security bulletin FG-IR-26-121 2026-04-14 vendor-advisory
    Fortinet security bulletin FG-IR-26-100 2026-04-14 vendor-advisory
    Fortinet security bulletin FG-IR-26-118 2026-04-14 vendor-advisory
    Fortinet security bulletin FG-IR-26-124 2026-04-14 vendor-advisory
    Fortinet security bulletin FG-IR-26-113 2026-04-14 vendor-advisory
    Fortinet security bulletin FG-IR-26-127 2026-04-15 vendor-advisory
    Fortinet security bulletin FG-IR-26-117 2026-04-14 vendor-advisory
    Fortinet security bulletin FG-IR-26-122 2026-04-14 vendor-advisory
    Fortinet security bulletin FG-IR-26-104 2026-04-14 vendor-advisory
    Fortinet security bulletin FG-IR-26-112 2026-04-14 vendor-advisory
    Fortinet security bulletin FG-IR-26-126 2026-04-14 vendor-advisory
    Fortinet security bulletin FG-IR-26-116 2026-04-14 vendor-advisory


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "FortiSOAR on-premise versions 7.6.x ant\u00e9rieures \u00e0 7.6.5 avec File Content Extraction Connector versions ant\u00e9rieures \u00e0 1.3.1",
          "product": {
            "name": "FortiSOAR",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiNDR versions 7.x ant\u00e9rieures \u00e0 7.4.9",
          "product": {
            "name": "FortiNDR",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiNAC-F versions 7.6.x ant\u00e9rieures \u00e0 7.6.6",
          "product": {
            "name": "FortiNAC",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAnalyzer versions 7.6.x ant\u00e9rieures \u00e0 7.6.5",
          "product": {
            "name": "FortiAnalyzer",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager Cloud versions 7.x ant\u00e9rieures \u00e0 7.4.9",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiWeb versions 7.x ant\u00e9rieures \u00e0 7.6.7",
          "product": {
            "name": "FortiWeb",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
          "product": {
            "name": "FortiSwitch",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSOAR PaaS versions 7.3.x, 7.4.x et 7.5.x ant\u00e9rieures \u00e0 7.5.3 avec File Content Extraction Connector versions ant\u00e9rieures \u00e0 1.3.1",
          "product": {
            "name": "FortiSOAR",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiNDR versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
          "product": {
            "name": "FortiNDR",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox PaaS versions 5.0.x ant\u00e9rieures \u00e0 5.0.6",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager Cloud versions 7.6.x ant\u00e9rieures \u00e0 7.6.5",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox versions 5.0.x ant\u00e9rieures \u00e0 5.0.6",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiOS versions ant\u00e9rieures \u00e0 7.4.10",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiDDoS-F versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
          "product": {
            "name": "FortiDDoS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAnalyzer versions 7.x ant\u00e9rieures \u00e0 7.4.9",
          "product": {
            "name": "FortiAnalyzer",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.5",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAnalyzer Cloud versions 7.x ant\u00e9rieures \u00e0 7.4.9",
          "product": {
            "name": "FortiAnalyzer",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.5",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiPAM versions ant\u00e9rieures \u00e0 1.7.1",
          "product": {
            "name": "FortiPAM",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiWeb versions 8.0.x ant\u00e9rieures \u00e0 8.0.4",
          "product": {
            "name": "FortiWeb",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager versions 7.x ant\u00e9rieures \u00e0 7.4.9",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiProxy versions 7.x ant\u00e9rieures \u00e0 7.4.12",
          "product": {
            "name": "FortiProxy",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSOAR on-premise versions 7.3.x, 7.4.x et 7.5.x ant\u00e9rieures \u00e0 7.5.3 avec File Content Extraction Connector versions ant\u00e9rieures \u00e0 1.3.1",
          "product": {
            "name": "FortiSOAR",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
          "product": {
            "name": "FortiSwitch",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox PaaS versions 4.2.x et 4.4.x ant\u00e9rieures \u00e0 4.4.9",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAnalyzer Cloud versions 7.6.x ant\u00e9rieures \u00e0 7.6.5",
          "product": {
            "name": "FortiAnalyzer",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.5",
          "product": {
            "name": "FortiProxy",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiClientEMS versions 7.x ant\u00e9rieures \u00e0 7.2.13",
          "product": {
            "name": "FortiClientEMS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox versions 4.2.x et 4.4.x ant\u00e9rieures \u00e0 4.4.9 (cette version reste affect\u00e9e par la vuln\u00e9rabilit\u00e9 CVE-2026-27316)",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.2",
          "product": {
            "name": "FortiVoice",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiClientEMS versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
          "product": {
            "name": "FortiClientEMS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSOAR PaaS versions 7.6.x ant\u00e9rieures \u00e0 7.6.5 avec File Content Extraction Connector versions ant\u00e9rieures \u00e0 1.3.1",
          "product": {
            "name": "FortiSOAR",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-39809",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-39809"
        },
        {
          "name": "CVE-2025-61848",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61848"
        },
        {
          "name": "CVE-2026-22155",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22155"
        },
        {
          "name": "CVE-2026-39812",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-39812"
        },
        {
          "name": "CVE-2026-21741",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-21741"
        },
        {
          "name": "CVE-2026-27316",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27316"
        },
        {
          "name": "CVE-2025-61624",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61624"
        },
        {
          "name": "CVE-2026-39808",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-39808"
        },
        {
          "name": "CVE-2026-22574",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22574"
        },
        {
          "name": "CVE-2025-61886",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61886"
        },
        {
          "name": "CVE-2024-23104",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-23104"
        },
        {
          "name": "CVE-2026-39811",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-39811"
        },
        {
          "name": "CVE-2026-39814",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-39814"
        },
        {
          "name": "CVE-2026-39810",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-39810"
        },
        {
          "name": "CVE-2026-25691",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25691"
        },
        {
          "name": "CVE-2026-22576",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22576"
        },
        {
          "name": "CVE-2026-22573",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22573"
        },
        {
          "name": "CVE-2026-39815",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-39815"
        },
        {
          "name": "CVE-2026-21742",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-21742"
        },
        {
          "name": "CVE-2026-22828",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22828"
        },
        {
          "name": "CVE-2026-22154",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22154"
        },
        {
          "name": "CVE-2026-23708",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23708"
        },
        {
          "name": "CVE-2025-53847",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53847"
        },
        {
          "name": "CVE-2026-39813",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-39813"
        },
        {
          "name": "CVE-2025-68649",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68649"
        },
        {
          "name": "CVE-2025-59809",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-59809"
        },
        {
          "name": "CVE-2026-40688",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-40688"
        }
      ],
      "initial_release_date": "2026-04-15T00:00:00",
      "last_revision_date": "2026-04-15T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0440",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-04-15T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Injection SQL (SQLi)"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
      "vendor_advisories": [
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-111",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-111"
        },
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-110",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-110"
        },
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-101",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-101"
        },
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-120",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-120"
        },
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-105",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-105"
        },
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-106",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-106"
        },
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-102",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-102"
        },
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-114",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-114"
        },
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-107",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-107"
        },
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-109",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-109"
        },
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-115",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-115"
        },
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-119",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-119"
        },
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-103",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-103"
        },
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-108",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-108"
        },
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-125",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-125"
        },
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-121",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-121"
        },
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-100",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-100"
        },
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-118",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-118"
        },
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-124",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-124"
        },
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-113",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-113"
        },
        {
          "published_at": "2026-04-15",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-127",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-127"
        },
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-117",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-117"
        },
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-122",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-122"
        },
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-104",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-104"
        },
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-112",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-112"
        },
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-126",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-126"
        },
        {
          "published_at": "2026-04-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-116",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-116"
        }
      ]
    }

    CERTFR-2026-AVI-0265

    Vulnerability from certfr_avis - Published: 2026-03-11 - Updated: 2026-03-11

    Multiple vulnerabilities have been discovered in Fortinet products. Some of them allow an attacker to cause arbitrary code execution, privilege escalation and a breach of data confidentiality.

    Regarding vulnerability CVE-2025-66178, the vendor provides some recommendations pending the fixed version.

    Solutions

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor Product Description
    Fortinet FortiClient FortiClientLinux versions 7.4.x prior to 7.4.5
    Fortinet FortiAnalyzer FortiAnalyzer-BigData versions 7.6.x prior to 7.6.1
    Fortinet FortiMail FortiMail versions 7.4.x prior to 7.4.5
    Fortinet FortiClient FortiClientLinux versions prior to 7.2.13
    Fortinet FortiSandbox FortiSandbox versions prior to 4.4.8
    Fortinet FortiManager FortiManager versions prior to 7.6.5
    Fortinet FortiManager FortiManager Cloud versions prior to 7.6.5
    Fortinet FortiMail FortiMail versions 7.6.x prior to 7.6.3
    Fortinet FortiDeceptor FortiDeceptor all versions prior to 6.2.1
    Fortinet FortiVoice FortiVoice versions 7.2.x prior to 7.2.1
    Fortinet FortiAnalyzer FortiAnalyzer Cloud versions prior to 7.6.5
    Fortinet FortiSOAR FortiSOAR Agent Communication Bridge versions prior to 1.1.1
    Fortinet FortiWeb FortiWeb versions prior to 7.6.7
    Fortinet FortiVoice FortiVoice versions 7.0.x prior to 7.0.7
    Fortinet FortiSIEM FortiSIEM versions 7.4.x prior to 7.4.1
    Fortinet FortiSIEM FortiSIEM versions 7.3.x prior to 7.3.5
    Fortinet FortiWeb FortiWeb versions 8.0.x prior to 8.0.4
    Fortinet FortiRecorder FortiRecorder all versions prior to 7.2.4
    Fortinet FortiAnalyzer FortiAnalyzer-BigData versions prior to 7.4.5
    Fortinet FortiMail FortiMail versions 7.2.x prior to 7.2.8
    Fortinet FortiSwitch FortiSwitchAXFixed versions 1.0.x prior to 1.0.2
    Fortinet FortiAnalyzer FortiAnalyzer versions prior to 7.6.5
    Fortinet FortiMail FortiMail versions 7.0.x prior to 7.0.9
    References
    Fortinet security bulletin FG-IR-26-078 2026-03-10 vendor-advisory
    Fortinet security bulletin FG-IR-26-096 2026-03-10 vendor-advisory
    Fortinet security bulletin FG-IR-26-098 2026-03-10 vendor-advisory
    Fortinet security bulletin FG-IR-26-080 2026-03-10 vendor-advisory
    Fortinet security bulletin FG-IR-26-088 2026-03-10 vendor-advisory
    Fortinet security bulletin FG-IR-26-094 2026-03-10 vendor-advisory
    Fortinet security bulletin FG-IR-26-092 2026-03-10 vendor-advisory
    Fortinet security bulletin FG-IR-26-090 2026-03-10 vendor-advisory
    Fortinet security bulletin FG-IR-26-081 2026-03-10 vendor-advisory
    Fortinet security bulletin FG-IR-26-095 2026-03-10 vendor-advisory
    Fortinet security bulletin FG-IR-26-093 2026-03-10 vendor-advisory
    Fortinet security bulletin FG-IR-26-083 2026-03-10 vendor-advisory
    Fortinet security bulletin FG-IR-26-087 2026-03-10 vendor-advisory
    Fortinet security bulletin FG-IR-26-079 2026-03-10 vendor-advisory
    Fortinet security bulletin FG-IR-26-086 2026-03-10 vendor-advisory
    Fortinet security bulletin FG-IR-26-077 2026-03-10 vendor-advisory
    Fortinet security bulletin FG-IR-26-082 2026-03-10 vendor-advisory
    Fortinet security bulletin FG-IR-26-097 2026-03-10 vendor-advisory
    Fortinet security bulletin FG-IR-26-085 2026-03-10 vendor-advisory
    Fortinet security bulletin FG-IR-26-091 2026-03-10 vendor-advisory
    Fortinet security bulletin FG-IR-26-089 2026-03-10 vendor-advisory
    Fortinet security bulletin FG-IR-26-084 2026-03-10 vendor-advisory


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "FortiClientLinux versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
          "product": {
            "name": "FortiClient",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAnalyzer-BigData versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
          "product": {
            "name": "FortiAnalyzer",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
          "product": {
            "name": "FortiMail",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiClientLinux versions ant\u00e9rieures \u00e0 7.2.13",
          "product": {
            "name": "FortiClient",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox versions ant\u00e9rieures \u00e0 4.4.8",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager versions ant\u00e9rieures \u00e0 7.6.5",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager Cloud versions ant\u00e9rieures \u00e0 7.6.5",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
          "product": {
            "name": "FortiMail",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiDeceptor toutes versions ant\u00e9rieures \u00e0 6.2.1",
          "product": {
            "name": "FortiDeceptor",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiVoice versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
          "product": {
            "name": "FortiVoice",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAnalyzer Cloud versions ant\u00e9rieures \u00e0 7.6.5",
          "product": {
            "name": "FortiAnalyzer",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSOAR Agent Communication Bridge versions ant\u00e9rieures \u00e0 1.1.1",
          "product": {
            "name": "FortiSOAR",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiWeb versions ant\u00e9rieures \u00e0 7.6.7",
          "product": {
            "name": "FortiWeb",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
          "product": {
            "name": "FortiVoice",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSIEM versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
          "product": {
            "name": "FortiSIEM",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSIEM versions 7.3.x ant\u00e9rieures \u00e0 7.3.5",
          "product": {
            "name": "FortiSIEM",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiWeb versions 8.0.x ant\u00e9rieures \u00e0 8.0.4",
          "product": {
            "name": "FortiWeb",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiRecorder toutes versions ant\u00e9rieures \u00e0 7.2.4",
          "product": {
            "name": "FortiRecorder",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAnalyzer-BigData versions ant\u00e9rieures \u00e0 7.4.5",
          "product": {
            "name": "FortiAnalyzer",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
          "product": {
            "name": "FortiMail",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSwitchAXFixed versions 1.0.x ant\u00e9rieures \u00e0 1.0.2",
          "product": {
            "name": "FortiSwitch",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 7.6.5",
          "product": {
            "name": "FortiAnalyzer",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiMail versions 7.0.x ant\u00e9rieures \u00e0 7.0.9",
          "product": {
            "name": "FortiMail",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-30897",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-30897"
        },
        {
          "name": "CVE-2025-53608",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53608"
        },
        {
          "name": "CVE-2026-24017",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24017"
        },
        {
          "name": "CVE-2025-68648",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68648"
        },
        {
          "name": "CVE-2026-24640",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24640"
        },
        {
          "name": "CVE-2026-22572",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22572"
        },
        {
          "name": "CVE-2025-48418",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-48418"
        },
        {
          "name": "CVE-2025-48840",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-48840"
        },
        {
          "name": "CVE-2026-24641",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24641"
        },
        {
          "name": "CVE-2026-22627",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22627"
        },
        {
          "name": "CVE-2025-55717",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-55717"
        },
        {
          "name": "CVE-2026-24018",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24018"
        },
        {
          "name": "CVE-2025-54820",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-54820"
        },
        {
          "name": "CVE-2025-49784",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-49784"
        },
        {
          "name": "CVE-2026-22629",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22629"
        },
        {
          "name": "CVE-2025-66178",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66178"
        },
        {
          "name": "CVE-2026-25689",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25689"
        },
        {
          "name": "CVE-2026-25972",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25972"
        },
        {
          "name": "CVE-2025-54659",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-54659"
        },
        {
          "name": "CVE-2025-68482",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68482"
        },
        {
          "name": "CVE-2026-22628",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22628"
        },
        {
          "name": "CVE-2026-25836",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25836"
        }
      ],
      "initial_release_date": "2026-03-11T00:00:00",
      "last_revision_date": "2026-03-11T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0265",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-03-11T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire"
        },
        {
          "description": "Injection SQL (SQLi)"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "D\u00e9ni de service"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n\nConcernant la vuln\u00e9rabilit\u00e9 CVE-2025-66178, l\u0027\u00e9diteur fournit certaines recommandations dans l\u0027attente de la version correctrice.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
      "vendor_advisories": [
        {
          "published_at": "2026-03-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-078",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-078"
        },
        {
          "published_at": "2026-03-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-096",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-096"
        },
        {
          "published_at": "2026-03-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-098",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-098"
        },
        {
          "published_at": "2026-03-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-080",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-080"
        },
        {
          "published_at": "2026-03-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-088",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-088"
        },
        {
          "published_at": "2026-03-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-094",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-094"
        },
        {
          "published_at": "2026-03-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-092",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-092"
        },
        {
          "published_at": "2026-03-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-090",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-090"
        },
        {
          "published_at": "2026-03-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-081",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-081"
        },
        {
          "published_at": "2026-03-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-095",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-095"
        },
        {
          "published_at": "2026-03-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-093",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-093"
        },
        {
          "published_at": "2026-03-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-083",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-083"
        },
        {
          "published_at": "2026-03-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-087",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-087"
        },
        {
          "published_at": "2026-03-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-079",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-079"
        },
        {
          "published_at": "2026-03-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-086",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-086"
        },
        {
          "published_at": "2026-03-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-077",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-077"
        },
        {
          "published_at": "2026-03-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-082",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-082"
        },
        {
          "published_at": "2026-03-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-097",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-097"
        },
        {
          "published_at": "2026-03-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-085",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-085"
        },
        {
          "published_at": "2026-03-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-091",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-091"
        },
        {
          "published_at": "2026-03-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-089",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-089"
        },
        {
          "published_at": "2026-03-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-084",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-084"
        }
      ]
    }

    CERTFR-2025-AVI-1084

    Vulnerability from certfr_avis - Published: 2025-12-10 - Updated: 2025-12-10

    Multiple vulnerabilities have been discovered in Fortinet products. Some of them allow an attacker to cause remote arbitrary code execution, privilege escalation and remote denial of service.

    Solutions

    Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

    The vendor states that FortiSandbox Cloud version 24.2 will be released at a later date.

    Impacted products
    Vendor Product Description
    Fortinet FortiAnalyzer FortiAnalyzer versions 7.2.x prior to 7.2.6
    Fortinet FortiOS FortiOS versions 7.6.x prior to 7.6.4
    Fortinet FortiSOAR FortiSOAR PaaS versions prior to 7.5.2
    Fortinet FortiVoice FortiVoice versions 7.2.x prior to 7.2.3
    Fortinet FortiSOAR FortiSOAR PaaS versions 7.6.x prior to 7.6.3
    Fortinet FortiSOAR FortiSOAR on-premise versions 7.6.x prior to 7.6.3
    Fortinet FortiWeb FortiWeb versions 7.6.x prior to 7.6.6
    Fortinet N/A FortiExtender versions prior to 7.4.8
    Fortinet FortiProxy FortiProxy versions 7.0.x prior to 7.0.22
    Fortinet FortiManager FortiManager versions 7.4.x prior to 7.4.3
    Fortinet FortiManager FortiManager versions prior to 7.2.6
    Fortinet FortiSRA FortiSRA versions prior to 1.5.x
    Fortinet FortiSandbox FortiSandbox versions 5.0.x prior to 5.0.3
    Fortinet FortiPortal FortiPortal versions prior to 7.4.6
    Fortinet FortiProxy FortiProxy versions 7.2.x prior to 7.2.15
    Fortinet FortiSwitch FortiSwitchManager versions 7.2.x prior to 7.2.7
    Fortinet FortiOS FortiOS versions 7.4.x prior to 7.4.9
    Fortinet FortiWeb FortiWeb versions 7.2.x prior to 7.2.12
    Fortinet FortiOS FortiOS versions 7.2.x prior to 7.2.12
    Fortinet FortiAnalyzer FortiAnalyzer versions 7.4.x prior to 7.4.3
    Fortinet FortiWeb FortiWeb versions 8.0.x prior to 8.0.2
    Fortinet FortiSandbox FortiSandbox Cloud versions prior to 24.2
    Fortinet N/A FortiExtender versions 7.6.x prior to 7.6.4
    Fortinet FortiOS FortiOS versions prior to 7.0.18
    Fortinet FortiSASE FortiSASE versions 24.1.x prior to 24.1.c
    Fortinet FortiSandbox FortiSandbox versions 4.x prior to 4.4.8
    Fortinet FortiWeb FortiWeb versions 7.0.x prior to 7.0.12
    Fortinet FortiVoice FortiVoice versions prior to 7.0.8
    Fortinet FortiSOAR FortiSOAR on-premise versions prior to 7.5.2
    Fortinet FortiProxy FortiProxy versions 7.4.x prior to 7.4.11
    Fortinet FortiPAM FortiPAM versions prior to 1.5.x
    Fortinet FortiAuthenticator FortiAuthenticator versions prior to 6.6.7
    Fortinet FortiSwitch FortiSwitchManager versions 7.0.x prior to 7.0.6
    Fortinet FortiProxy FortiProxy versions 7.6.x prior to 7.6.4
    Fortinet FortiWeb FortiWeb versions 7.4.x prior to 7.4.11
    References

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
          "product": {
            "name": "FortiAnalyzer",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSOAR PaaS versions ant\u00e9rieures \u00e0 7.5.2",
          "product": {
            "name": "FortiSOAR",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiVoice versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
          "product": {
            "name": "FortiVoice",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSOAR PaaS versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
          "product": {
            "name": "FortiSOAR",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSOAR on-premise versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
          "product": {
            "name": "FortiSOAR",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.6",
          "product": {
            "name": "FortiWeb",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiExtender versions ant\u00e9rieures \u00e0 7.4.8",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.22",
          "product": {
            "name": "FortiProxy",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager versions ant\u00e9rieures \u00e0 7.2.6",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSRA versions ant\u00e9rieures \u00e0 1.5.x",
          "product": {
            "name": "FortiSRA",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox versions 5.0.x ant\u00e9rieures \u00e0 5.0.3",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiPortal versions ant\u00e9rieures \u00e0 7.4.6",
          "product": {
            "name": "FortiPortal",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.15",
          "product": {
            "name": "FortiProxy",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.7",
          "product": {
            "name": "FortiSwitch",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.9",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiWeb versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
          "product": {
            "name": "FortiWeb",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
          "product": {
            "name": "FortiAnalyzer",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiWeb versions 8.0.x ant\u00e9rieures \u00e0 8.0.2",
          "product": {
            "name": "FortiWeb",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox Cloud versions ant\u00e9rieures \u00e0 24.2",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiExtender versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiOS versions ant\u00e9rieures \u00e0 7.0.18",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSASE versions 24.1.x ant\u00e9rieures \u00e0 24.1.c",
          "product": {
            "name": "FortiSASE",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox versions 4.x ant\u00e9rieures \u00e0 4.4.8",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiWeb versions 7.0.x ant\u00e9rieures \u00e0 7.0.12",
          "product": {
            "name": "FortiWeb",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiVoice versions ant\u00e9rieures \u00e0 7.0.8",
          "product": {
            "name": "FortiVoice",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSOAR on-premise versions ant\u00e9rieures \u00e0 7.5.2",
          "product": {
            "name": "FortiSOAR",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.11",
          "product": {
            "name": "FortiProxy",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiPAM versions ant\u00e9rieures \u00e0 1.5.x",
          "product": {
            "name": "FortiPAM",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAuthenticator versions ant\u00e9rieures \u00e0 6.6.7",
          "product": {
            "name": "FortiAuthenticator",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
          "product": {
            "name": "FortiSwitch",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
          "product": {
            "name": "FortiProxy",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.11",
          "product": {
            "name": "FortiWeb",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "L\u0027\u00e9diteur pr\u00e9cise que la version 24.2 de FortiSandbox Cloud sera publi\u00e9e ult\u00e9rieurement.",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-60024",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-60024"
        },
        {
          "name": "CVE-2025-64153",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-64153"
        },
        {
          "name": "CVE-2025-57823",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-57823"
        },
        {
          "name": "CVE-2024-40593",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-40593"
        },
        {
          "name": "CVE-2025-53679",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53679"
        },
        {
          "name": "CVE-2025-62631",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-62631"
        },
        {
          "name": "CVE-2025-54353",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-54353"
        },
        {
          "name": "CVE-2025-53949",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53949"
        },
        {
          "name": "CVE-2025-59719",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-59719"
        },
        {
          "name": "CVE-2025-59810",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-59810"
        },
        {
          "name": "CVE-2025-64471",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-64471"
        },
        {
          "name": "CVE-2025-64447",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-64447"
        },
        {
          "name": "CVE-2024-47570",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-47570"
        },
        {
          "name": "CVE-2025-59808",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-59808"
        },
        {
          "name": "CVE-2025-54838",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-54838"
        },
        {
          "name": "CVE-2025-59923",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-59923"
        },
        {
          "name": "CVE-2025-64156",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-64156"
        },
        {
          "name": "CVE-2025-59718",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-59718"
        }
      ],
      "initial_release_date": "2025-12-10T00:00:00",
      "last_revision_date": "2025-12-10T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-1084",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-12-10T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Injection SQL (SQLi)"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
      "vendor_advisories": [
        {
          "published_at": "2025-12-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-411",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-411"
        },
        {
          "published_at": "2025-12-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-479",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-479"
        },
        {
          "published_at": "2025-12-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-268",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-268"
        },
        {
          "published_at": "2025-12-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-362",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-362"
        },
        {
          "published_at": "2025-12-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-599",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-599"
        },
        {
          "published_at": "2025-12-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-133",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-133"
        },
        {
          "published_at": "2025-12-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-616",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-616"
        },
        {
          "published_at": "2025-12-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-812",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-812"
        },
        {
          "published_at": "2025-12-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-739",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-739"
        },
        {
          "published_at": "2025-12-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-984",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-984"
        },
        {
          "published_at": "2025-12-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-945",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-945"
        },
        {
          "published_at": "2025-12-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-477",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-477"
        },
        {
          "published_at": "2025-12-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-647",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-647"
        },
        {
          "published_at": "2025-12-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-601",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-601"
        },
        {
          "published_at": "2025-12-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-454",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-454"
        },
        {
          "published_at": "2025-12-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-032",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-032"
        },
        {
          "published_at": "2025-12-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-554",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-554"
        }
      ]
    }

    CERTFR-2025-AVI-1023

    Vulnerability from certfr_avis - Published: 2025-11-19 - Updated: 2025-11-19

    Multiple vulnerabilities have been discovered in Fortinet products. Some of them allow an attacker to cause remote arbitrary code execution, privilege escalation and a breach of data confidentiality.

    Fortinet states that vulnerability CVE-2025-58034 is being actively exploited.

    Solutions

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor Product Description
    Fortinet FortiADC FortiADC versions 7.4.x prior to 7.4.8
    Fortinet FortiOS FortiOS versions prior to 7.6.4
    Fortinet FortiMail FortiMail versions 7.6.x prior to 7.6.4
    Fortinet FortiVoice FortiVoice versions 7.2.x prior to 7.2.3
    Fortinet N/A FortiExtender versions prior to 7.4.8
    Fortinet FortiSASE FortiSASE versions prior to 25.3.c
    Fortinet FortiClient FortiClientWindows versions prior to 7.2.11
    Fortinet FortiClient FortiClientWindows versions 7.4.x prior to 7.4.4
    Fortinet FortiVoice FortiVoice versions 7.0.x prior to 7.0.8
    Fortinet FortiSandbox FortiSandbox versions 5.0.x prior to 5.0.2
    Fortinet FortiMail FortiMail versions prior to 7.4.6 (forthcoming)
    Fortinet FortiPAM FortiPAM versions prior to 1.6.1
    Fortinet FortiADC FortiADC versions 7.6.x prior to 7.6.4
    Fortinet FortiWeb FortiWeb versions 8.0.x prior to 8.0.2
    Fortinet FortiADC FortiADC versions 8.0.x prior to 8.0.1
    Fortinet FortiProxy FortiProxy versions prior to 7.6.4
    Fortinet N/A FortiExtender versions 7.6.x prior to 7.6.3
    Fortinet FortiSandbox FortiSandbox versions to 4.4.8
    Fortinet FortiWeb FortiWeb versions prior to 7.6.6

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "FortiADC versions 7.4.x ant\u00e9rieures \u00e0 7.4.8",
          "product": {
            "name": "FortiADC",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiOS versions ant\u00e9rieures \u00e0 7.6.4",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
          "product": {
            "name": "FortiMail",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiVoice versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
          "product": {
            "name": "FortiVoice",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiExtender versions ant\u00e9rieures \u00e0 7.4.8",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSASE versions ant\u00e9rieures \u00e0 25.3.c",
          "product": {
            "name": "FortiSASE",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiClientWindows versions ant\u00e9rieures \u00e0 7.2.11",
          "product": {
            "name": "FortiClient",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiClientWindows versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
          "product": {
            "name": "FortiClient",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.8",
          "product": {
            "name": "FortiVoice",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox versions 5.0.x ant\u00e9rieures \u00e0 5.0.2",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiMail versions ant\u00e9rieures \u00e0 7.4.6 (\u00e0 venir)",
          "product": {
            "name": "FortiMail",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiPAM versions ant\u00e9rieures \u00e0 1.6.1",
          "product": {
            "name": "FortiPAM",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiADC versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
          "product": {
            "name": "FortiADC",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiWeb versions 8.0.x ant\u00e9rieures \u00e0 8.0.2",
          "product": {
            "name": "FortiWeb",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiADC versions 8.0.x ant\u00e9rieures \u00e0 8.0.1",
          "product": {
            "name": "FortiADC",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiProxy versions ant\u00e9rieures \u00e0 7.6.4",
          "product": {
            "name": "FortiProxy",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiExtender versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox versions \u00e0 4.4.8",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiWeb versions ant\u00e9rieures \u00e0 7.6.6",
          "product": {
            "name": "FortiWeb",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-46215",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-46215"
        },
        {
          "name": "CVE-2025-58412",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-58412"
        },
        {
          "name": "CVE-2025-54821",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-54821"
        },
        {
          "name": "CVE-2025-46776",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-46776"
        },
        {
          "name": "CVE-2025-46775",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-46775"
        },
        {
          "name": "CVE-2025-59669",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-59669"
        },
        {
          "name": "CVE-2025-54660",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-54660"
        },
        {
          "name": "CVE-2025-47761",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-47761"
        },
        {
          "name": "CVE-2025-48839",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-48839"
        },
        {
          "name": "CVE-2025-53843",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53843"
        },
        {
          "name": "CVE-2025-61713",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61713"
        },
        {
          "name": "CVE-2025-54971",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-54971"
        },
        {
          "name": "CVE-2025-58692",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-58692"
        },
        {
          "name": "CVE-2025-54972",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-54972"
        },
        {
          "name": "CVE-2025-58413",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-58413"
        },
        {
          "name": "CVE-2025-58034",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-58034"
        },
        {
          "name": "CVE-2025-46373",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-46373"
        }
      ],
      "initial_release_date": "2025-11-19T00:00:00",
      "last_revision_date": "2025-11-19T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-1023",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-11-19T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Injection SQL (SQLi)"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n\nFortinet indique que la vuln\u00e9rabilit\u00e9 CVE-2025-58034 est activement exploit\u00e9e.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
      "vendor_advisories": [
        {
          "published_at": "2025-11-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-259",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-259"
        },
        {
          "published_at": "2025-11-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-125",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-125"
        },
        {
          "published_at": "2025-11-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-112",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-112"
        },
        {
          "published_at": "2025-11-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-358",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-358"
        },
        {
          "published_at": "2025-11-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-686",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-686"
        },
        {
          "published_at": "2025-11-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-513",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-513"
        },
        {
          "published_at": "2025-11-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-789",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-789"
        },
        {
          "published_at": "2025-11-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-632",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-632"
        },
        {
          "published_at": "2025-11-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-501",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-501"
        },
        {
          "published_at": "2025-11-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-545",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-545"
        },
        {
          "published_at": "2025-11-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-634",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-634"
        },
        {
          "published_at": "2025-11-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-736",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-736"
        },
        {
          "published_at": "2025-11-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-844",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-844"
        },
        {
          "published_at": "2025-11-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-251",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-251"
        },
        {
          "published_at": "2025-11-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-666",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-666"
        },
        {
          "published_at": "2025-11-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-843",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-843"
        },
        {
          "published_at": "2025-11-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-225",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-225"
        }
      ]
    }

    CVE-2026-40688 (GCVE-0-2026-40688)

    Vulnerability from nvd – Published: 2026-04-14 22:35 – Updated: 2026-04-16 03:55
    Summary
    An out-of-bounds write vulnerability [CWE-787] in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow a remote privileged attacker to execute arbitrary code or commands via crafted HTTP requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-787 - Execute unauthorized code or commands
    Impacted products
    Vendor Product Version
    Fortinet FortiWeb Affected: 8.0.0 , ≤ 8.0.3 (semver)
    Affected: 7.6.0 , ≤ 7.6.6 (semver)
    Affected: 7.4.0 , ≤ 7.4.11 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40688",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-15T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-16T03:55:18.342Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiweb:8.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:8.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:8.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:8.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiWeb",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "8.0.3",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.6.6",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.11",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds write vulnerability [CWE-787] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow a remote privileged attacker to execute arbitrary code or command via crafted HTTP requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-15T08:53:24.743Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-127",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-127"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiWeb version 8.0.4 or above\nUpgrade to FortiWeb version 7.6.7 or above\nUpgrade to FortiWeb version 7.4.12 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-40688",
        "datePublished": "2026-04-14T22:35:15.438Z",
        "dateReserved": "2026-04-14T22:32:07.399Z",
        "dateUpdated": "2026-04-16T03:55:18.342Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-39814 (GCVE-0-2026-39814)

    Vulnerability from nvd – Published: 2026-04-14 15:38 – Updated: 2026-04-15 03:58
    Summary
    A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.1 through 7.4.12, FortiWeb 7.2.7 through 7.2.12, FortiWeb 7.0.10 through 7.0.12 may allow an attacker to execute unauthorized code or commands via <insert attack vector here>
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Execute unauthorized code or commands
    Impacted products
    Vendor Product Version
    Fortinet FortiWeb Affected: 8.0.0 , ≤ 8.0.2 (semver)
    Affected: 7.6.0 , ≤ 7.6.6 (semver)
    Affected: 7.4.1 , ≤ 7.4.12 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-39814",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-14T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-15T03:58:21.366Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiweb:8.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:8.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:8.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiWeb",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "8.0.2",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.6.6",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.12",
                  "status": "affected",
                  "version": "7.4.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.1 through 7.4.12, FortiWeb 7.2.7 through 7.2.12, FortiWeb 7.0.10 through 7.0.12 may allow attacker to execute unauthorized code or commands via \u003cinsert attack vector here\u003e"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-14T15:38:16.660Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-114",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-114"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiWeb version 8.0.3 or above\nUpgrade to FortiWeb version 7.6.7 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-39814",
        "datePublished": "2026-04-14T15:38:16.660Z",
        "dateReserved": "2026-04-07T15:24:15.182Z",
        "dateUpdated": "2026-04-15T03:58:21.366Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-39811 (GCVE-0-2026-39811)

    Vulnerability from nvd – Published: 2026-04-14 15:38 – Updated: 2026-04-14 16:46
    Summary
    An integer overflow or wraparound vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an attacker to cause a denial of service via <insert attack vector here>
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Impacted products
    Vendor Product Version
    Fortinet FortiWeb Affected: 8.0.0 , ≤ 8.0.3 (semver)
    Affected: 7.6.0 , ≤ 7.6.6 (semver)
    Affected: 7.4.0 , ≤ 7.4.12 (semver)
    Affected: 7.2.0 , ≤ 7.2.12 (semver)
    Affected: 7.0.0 , ≤ 7.0.12 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-39811",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-14T16:25:41.160205Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-14T16:46:15.353Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiweb:8.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:8.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:8.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:8.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiWeb",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "8.0.3",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.6.6",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.12",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.12",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.12",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A integer overflow or wraparound vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow attacker to denial of service via \u003cinsert attack vector here\u003e"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "Denial of service",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-14T15:38:20.186Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-108",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-108"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiWeb version 8.0.4 or above\nUpgrade to FortiWeb version 7.6.7 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-39811",
        "datePublished": "2026-04-14T15:38:20.186Z",
        "dateReserved": "2026-04-07T15:24:09.991Z",
        "dateUpdated": "2026-04-14T16:46:15.353Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-30897 (GCVE-0-2026-30897)

    Vulnerability from nvd – Published: 2026-03-10 16:44 – Updated: 2026-03-11 03:56
    Summary
    A stack-based buffer overflow vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote authenticated attacker who can bypass stack protection and ASLR to execute arbitrary code or commands via crafted HTTP requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Execute unauthorized code or commands
    Impacted products
    Vendor Product Version
    Fortinet FortiWeb Affected: 8.0.0 , ≤ 8.0.3 (semver)
    Affected: 7.6.0 , ≤ 7.6.6 (semver)
    Affected: 7.4.0 , ≤ 7.4.11 (semver)
    Affected: 7.2.0 , ≤ 7.2.12 (semver)
    Affected: 7.0.0 , ≤ 7.0.12 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-30897",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-10T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-11T03:56:47.990Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiweb:8.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:8.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:8.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:8.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiWeb",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "8.0.3",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.6.6",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.11",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.12",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.12",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A stack-based buffer overflow vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote authenticated attacker who can bypass stack protection and ASLR to execute arbitrary code or commands via crafted HTTP requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-10T16:44:04.857Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-093",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-093"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiWeb version 8.0.4 or above\nUpgrade to FortiWeb version 7.6.7 or above\nUpgrade to FortiWeb version 7.4.12 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-30897",
        "datePublished": "2026-03-10T16:44:04.857Z",
        "dateReserved": "2026-03-06T12:49:20.922Z",
        "dateUpdated": "2026-03-11T03:56:47.990Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24641 (GCVE-0-2026-24641)

    Vulnerability from nvd – Published: 2026-03-10 16:44 – Updated: 2026-03-12 14:27
    Summary
    A NULL pointer dereference vulnerability [CWE-476] in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an authenticated attacker to crash the HTTP daemon via crafted HTTP requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Impacted products
    Vendor Product Version
    Fortinet FortiWeb Affected: 8.0.0 , ≤ 8.0.2 (semver)
    Affected: 7.6.0 , ≤ 7.6.6 (semver)
    Affected: 7.4.0 , ≤ 7.4.12 (semver)
    Affected: 7.2.0 , ≤ 7.2.12 (semver)
    Affected: 7.0.0 , ≤ 7.0.12 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24641",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-12T14:27:30.386135Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-12T14:27:39.136Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiweb:8.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:8.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:8.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiWeb",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "8.0.2",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.6.6",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.12",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.12",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.12",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A NULL Pointer Dereference vulnerability [CWE-476] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an authenticated attacker to crash the HTTP daemon via crafted HTTP requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 2.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "Denial of service",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-10T16:44:20.761Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-089",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-089"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiWeb version 8.0.3 or above\nUpgrade to FortiWeb version 7.6.7 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-24641",
        "datePublished": "2026-03-10T16:44:20.761Z",
        "dateReserved": "2026-01-23T15:09:07.476Z",
        "dateUpdated": "2026-03-12T14:27:39.136Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24640 (GCVE-0-2026-24640)

    Vulnerability from nvd – Published: 2026-03-10 16:44 – Updated: 2026-03-11 03:56
    Summary
    A Stack-based Buffer Overflow vulnerability [CWE-121] in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0.2 through 7.0.12 may allow a remote authenticated attacker who can bypass stack protection and ASLR to execute arbitrary code or commands via crafted HTTP requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Execute unauthorized code or commands
    Impacted products
    Vendor Product Version
    Fortinet FortiWeb Affected: 8.0.0 , ≤ 8.0.2 (semver)
    Affected: 7.6.0 , ≤ 7.6.6 (semver)
    Affected: 7.4.0 , ≤ 7.4.12 (semver)
    Affected: 7.2.0 , ≤ 7.2.12 (semver)
    Affected: 7.0.2 , ≤ 7.0.12 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24640",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-10T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-11T03:56:46.897Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiweb:8.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:8.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:8.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.2:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiWeb",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "8.0.2",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.6.6",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.12",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.12",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.12",
                  "status": "affected",
                  "version": "7.0.2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0.2 through 7.0.12 may allow a remote authenticated attacker who can bypass stack protection and ASLR to execute arbitrary code or commands via crafted HTTP requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-10T16:44:20.721Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-087",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-087"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiWeb version 8.0.3 or above\nUpgrade to FortiWeb version 7.6.7 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-24640",
        "datePublished": "2026-03-10T16:44:20.721Z",
        "dateReserved": "2026-01-23T15:09:07.476Z",
        "dateUpdated": "2026-03-11T03:56:46.897Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24017 (GCVE-0-2026-24017)

    Vulnerability from nvd – Published: 2026-03-10 16:44 – Updated: 2026-03-11 03:56
    Summary
    An Improper Control of Interaction Frequency vulnerability [CWE-799] in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to bypass the authentication rate-limit via crafted requests. The success of the attack depends on the attacker's resources and the password target complexity.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-799 - Improper access control
    Impacted products
    Vendor Product Version
    Fortinet FortiWeb Affected: 8.0.0 , ≤ 8.0.2 (semver)
    Affected: 7.6.0 , ≤ 7.6.5 (semver)
    Affected: 7.4.0 , ≤ 7.4.10 (semver)
    Affected: 7.2.0 , ≤ 7.2.11 (semver)
    Affected: 7.0.0 , ≤ 7.0.11 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24017",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-10T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-11T03:56:50.059Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiweb:8.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:8.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:8.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiWeb",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "8.0.2",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.6.5",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.10",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.11",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.11",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An Improper Control of Interaction Frequency vulnerability [CWE-799] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to bypass the authentication rate-limit via crafted requests. The success of the attack depends on the attacker\u0027s resources and the password target complexity."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-799",
                  "description": "Improper access control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-10T16:44:19.746Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-082",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-082"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiWeb version 8.0.3 or above\nUpgrade to FortiWeb version 7.6.6 or above\nUpgrade to FortiWeb version 7.4.11 or above\nUpgrade to FortiWeb version 7.2.12 or above\nUpgrade to FortiWeb version 7.0.12 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-24017",
        "datePublished": "2026-03-10T16:44:19.746Z",
        "dateReserved": "2026-01-20T11:13:10.548Z",
        "dateUpdated": "2026-03-11T03:56:50.059Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-66178 (GCVE-0-2025-66178)

    Vulnerability from nvd – Published: 2026-03-10 16:44 – Updated: 2026-03-11 03:56
    Summary
    An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2.0 through 7.2.12, FortiWeb 7.0.0 through 7.0.12 may allow an authenticated attacker to execute arbitrary commands via a specially crafted HTTP request.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Execute unauthorized code or commands
    Impacted products
    Vendor Product Version
    Fortinet FortiWeb Affected: 8.0.0 , ≤ 8.0.1 (semver)
    Affected: 7.6.0 , ≤ 7.6.5 (semver)
    Affected: 7.4.0 , ≤ 7.4.11 (semver)
    Affected: 7.2.0 , ≤ 7.2.12 (semver)
    Affected: 7.0.0 , ≤ 7.0.12 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-66178",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-10T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-11T03:56:45.815Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiweb:8.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:8.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiWeb",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "8.0.1",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.6.5",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.11",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.12",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.12",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A improper neutralization of special elements used in an os command (\u0027os command injection\u0027) vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2.0 through 7.2.12, FortiWeb 7.0.0 through 7.0.12 may allow an authenticated attacked to execute arbitrary commands via a specialy crafted HTTP request."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-10T16:44:21.731Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-088",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-088"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiWeb version 8.0.3 or above\nUpgrade to FortiWeb version 7.6.7 or above\nUpgrade to FortiWeb version 7.4.12 or above\nUpgrade to upcoming  FortiWeb version 7.2.13 or above\nUpgrade to upcoming  FortiWeb version 7.0.13 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-66178",
        "datePublished": "2026-03-10T16:44:21.731Z",
        "dateReserved": "2025-11-24T09:07:32.659Z",
        "dateUpdated": "2026-03-11T03:56:45.815Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-48840 (GCVE-0-2025-48840)

    Vulnerability from nvd – Published: 2026-03-10 16:44 – Updated: 2026-03-12 14:29
    VLAI
    Summary
    An authentication bypass by spoofing vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.8, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote unauthenticated attacker to bypass hostname restrictions via a specially crafted request.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-290 - Improper access control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiWeb Affected: 7.6.0 , ≤ 7.6.3 (semver)
    Affected: 7.4.0 , ≤ 7.4.8 (semver)
    Affected: 7.2.0 , ≤ 7.2.12 (semver)
    Affected: 7.0.0 , ≤ 7.0.12 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-48840",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-12T14:29:49.514729Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-12T14:29:57.399Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiweb:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiWeb",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.3",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.8",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.12",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.12",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An authentication bypass by spoofing vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.8, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote unauthenticated attacker to bypass hostname restrictions via a specially crafted request."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:U/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-290",
                  "description": "Improper access control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-10T16:44:14.182Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-097",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-097"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiWeb version 7.6.4 or above\nUpgrade to FortiWeb version 7.4.9 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-48840",
        "datePublished": "2026-03-10T16:44:14.182Z",
        "dateReserved": "2025-05-27T08:00:40.715Z",
        "dateUpdated": "2026-03-12T14:29:57.399Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24858 (GCVE-0-2026-24858)

    Vulnerability from nvd – Published: 2026-01-27 19:18 – Updated: 2026-06-09 14:27
    VLAI CISA KEVIntel
    Summary
    An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiNAC-F 7.6.3 through 7.6.5, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.12, FortiProxy 7.2.0 through 7.2.15, FortiProxy 7.0.0 through 7.0.22, FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-288 - Improper access control
    Assigner
    Impacted products
    Vendor Product Version
    Fortinet FortiWeb Affected: 8.0.0 , ≤ 8.0.3 (semver)
    Affected: 7.6.0 , ≤ 7.6.6 (semver)
    Affected: 7.4.0 , ≤ 7.4.11 (semver)
    Fortinet FortiNAC-F Affected: 7.6.3 , ≤ 7.6.5 (semver)
    Fortinet FortiOS Affected: 7.6.0 , ≤ 7.6.5 (semver)
    Affected: 7.4.0 , ≤ 7.4.10 (semver)
    Affected: 7.2.0 , ≤ 7.2.12 (semver)
    Affected: 7.0.0 , ≤ 7.0.18 (semver)
    Fortinet FortiAnalyzer Affected: 7.6.0 , ≤ 7.6.5 (semver)
    Affected: 7.4.0 , ≤ 7.4.9 (semver)
    Affected: 7.2.0 , ≤ 7.2.11 (semver)
    Affected: 7.0.0 , ≤ 7.0.15 (semver)
    Fortinet FortiProxy Affected: 7.6.0 , ≤ 7.6.4 (semver)
    Affected: 7.4.0 , ≤ 7.4.12 (semver)
    Affected: 7.2.0 , ≤ 7.2.15 (semver)
    Affected: 7.0.0 , ≤ 7.0.22 (semver)
    Fortinet FortiManager Affected: 7.6.0 , ≤ 7.6.5 (semver)
    Affected: 7.4.0 , ≤ 7.4.9 (semver)
    Affected: 7.2.0 , ≤ 7.2.11 (semver)
    Affected: 7.0.0 , ≤ 7.0.15 (semver)
    Siemens RUGGEDCOM APE1808 Affected: 0 , < * (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24858",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-28T04:55:41.959755Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2026-01-27",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-24858"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T15:04:50.331Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-24858"
              },
              {
                "tags": [
                  "vendor-advisory"
                ],
                "url": "https://www.fortinet.com/blog/psirt-blogs/analysis-of-sso-abuse-on-fortios"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM APE1808",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T12:08:56.335Z",
              "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
              "shortName": "siemens-SADP"
            },
            "references": [
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-975644.html"
              }
            ],
            "x_adpType": "supplier"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FortiWeb",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "8.0.3",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.6.6",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.11",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiNAC-F",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.5",
                  "status": "affected",
                  "version": "7.6.3",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "FortiOS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.5",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.10",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.12",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.18",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "FortiAnalyzer",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.5",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.9",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.11",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.15",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "FortiProxy",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.4",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.12",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.15",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.22",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "FortiManager",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.5",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.9",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.11",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.15",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiNAC-F 7.6.3 through 7.6.5, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.12, FortiProxy 7.2.0 through 7.2.15, FortiProxy 7.0.0 through 7.0.22, FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-288",
                  "description": "Improper access control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T14:27:53.379Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-060",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-060"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to upcoming  FortiOS version 8.0.0 or above\nUpgrade to FortiOS version 7.6.6 or above\nUpgrade to FortiOS version 7.4.11 or above\nUpgrade to FortiOS version 7.2.13 or above\nUpgrade to FortiOS version 7.0.19 or above\nUpgrade to upcoming  FortiManager version 8.0.0 or above\nUpgrade to FortiManager version 7.6.6 or above\nUpgrade to FortiManager version 7.4.10 or above\nUpgrade to FortiManager version 7.2.12 or above\nUpgrade to FortiManager version 7.0.16 or above\nUpgrade to FortiAnalyzer version 7.6.6 or above\nUpgrade to FortiAnalyzer version 7.4.10 or above\nUpgrade to FortiAnalyzer version 7.2.12 or above\nUpgrade to FortiAnalyzer version 7.0.16 or above\nUpgrade to FortiProxy version 7.6.5 or above\nUpgrade to FortiProxy version 7.4.13 or above\nUpgrade to FortiProxy version 7.2.16 or above\nUpgrade to FortiProxy version 7.0.23 or above\nUpgrade to FortiWeb version 8.0.4 or above\nUpgrade to FortiWeb version 7.6.7 or above\nUpgrade to FortiWeb version 7.4.12 or above\nUpgrade to FortiNAC-F version 7.6.6 or above\nUpgrade to FortiSwitchManager version 7.2.9 or above\nUpgrade to FortiSwitchManager version 7.0.8 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-24858",
        "datePublished": "2026-01-27T19:18:23.591Z",
        "dateReserved": "2026-01-27T15:11:02.057Z",
        "dateUpdated": "2026-06-09T14:27:53.379Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-64471 (GCVE-0-2025-64471)

    Vulnerability from nvd – Published: 2025-12-09 17:18 – Updated: 2026-01-14 09:19
    VLAI
    Summary
    A use of password hash instead of password for authentication vulnerability [CWE-836] in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attacker to use the hash in place of the password to authenticate via crafted HTTP/HTTPS requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-836 - Escalation of privilege
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiWeb Affected: 8.0.0 , ≤ 8.0.1 (semver)
    Affected: 7.6.0 , ≤ 7.6.5 (semver)
    Affected: 7.4.0 , ≤ 7.4.10 (semver)
    Affected: 7.2.0 , ≤ 7.2.11 (semver)
    Affected: 7.0.0 , ≤ 7.0.11 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-64471",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-09T18:34:29.978564Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-09T18:34:33.479Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiweb:8.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:8.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiWeb",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "8.0.1",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.6.5",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.10",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.11",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.11",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A use of password hash instead of password for authentication vulnerability [CWE-836] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attacker to use the hash in place of the password to authenticate via crafted HTTP/HTTPS requests"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-836",
                  "description": "Escalation of privilege",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-14T09:19:24.898Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-984",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-984"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiWeb version 8.0.2 or above\nUpgrade to FortiWeb version 7.6.6 or above\nUpgrade to FortiWeb version 7.4.11 or above\nUpgrade to FortiWeb version 7.2.12 or above\nUpgrade to FortiWeb version 7.0.12 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-64471",
        "datePublished": "2025-12-09T17:18:44.569Z",
        "dateReserved": "2025-11-05T12:25:48.195Z",
        "dateUpdated": "2026-01-14T09:19:24.898Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-64447 (GCVE-0-2025-64447)

    Vulnerability from nvd – Published: 2025-12-09 17:18 – Updated: 2026-02-26 16:57
    Summary
    A reliance on cookies without validation and integrity checking vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attacker to execute arbitrary operations on the system via crafted HTTP or HTTPS request via forged cookies, requiring prior knowledge of the FortiWeb serial number.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-565 - Escalation of privilege
    Impacted products
    Vendor Product Version
    Fortinet FortiWeb Affected: 8.0.0 , ≤ 8.0.1 (semver)
    Affected: 7.6.0 , ≤ 7.6.5 (semver)
    Affected: 7.4.0 , ≤ 7.4.10 (semver)
    Affected: 7.2.0 , ≤ 7.2.11 (semver)
    Affected: 7.0.0 , ≤ 7.0.11 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-64447",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-10T04:57:33.641740Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T16:57:02.714Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiweb:8.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:8.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiWeb",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "8.0.1",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.6.5",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.10",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.11",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.11",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A reliance on cookies without validation and integrity checking vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attacker to execute arbitrary operations on the system via crafted HTTP or HTTPS request via forged cookies, requiring prior knowledge of the FortiWeb serial number."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-565",
                  "description": "Escalation of privilege",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-14T09:19:49.321Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-945",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-945"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiWeb version 8.0.2 or above\nUpgrade to FortiWeb version 7.6.6 or above\nUpgrade to FortiWeb version 7.4.11 or above\nUpgrade to FortiWeb version 7.2.12 or above\nUpgrade to FortiWeb version 7.0.12 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-64447",
        "datePublished": "2025-12-09T17:18:42.318Z",
        "dateReserved": "2025-11-04T14:26:34.042Z",
        "dateUpdated": "2026-02-26T16:57:02.714Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-59719 (GCVE-0-2025-59719)

    Vulnerability from nvd – Published: 2025-12-09 17:20 – Updated: 2026-06-09 09:02
    Summary
    An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9 may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Improper access control
    Impacted products
    Vendor Product Version
    Fortinet FortiWeb Affected: 8.0.0
    Affected: 7.6.0 , ≤ 7.6.4 (semver)
    Affected: 7.4.0 , ≤ 7.4.9 (semver)
    Siemens RUGGEDCOM APE1808 Affected: 0 , < * (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-59719",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-10T04:57:28.019701Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T16:56:59.225Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM APE1808",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-09T09:02:40.137Z",
              "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
              "shortName": "siemens-SADP"
            },
            "references": [
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-864900.html"
              }
            ],
            "x_adpType": "supplier"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiweb:8.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiWeb",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.0.0"
                },
                {
                  "lessThanOrEqual": "7.6.4",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.9",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9 may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "Improper access control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-20T12:39:05.692Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-647",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-647"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiSwitchManager version 7.2.7 or above\nUpgrade to FortiSwitchManager version 7.0.6 or above\nUpgrade to FortiProxy version 7.6.4 or above\nUpgrade to FortiProxy version 7.4.11 or above\nUpgrade to FortiProxy version 7.2.15 or above\nUpgrade to FortiProxy version 7.0.22 or above\nUpgrade to FortiOS version 7.6.4 or above\nUpgrade to FortiOS version 7.4.9 or above\nUpgrade to FortiOS version 7.2.12 or above\nUpgrade to FortiOS version 7.0.18 or above\nUpgrade to FortiWeb version 8.0.1 or above\nUpgrade to FortiWeb version 7.6.5 or above\nUpgrade to FortiWeb version 7.4.10 or above\nFortinet remediated this issue in FortiSASE version 25.3.b and hence customers do not need to perform any action.\nUpgrade to FortiPAM version 1.8.0 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-59719",
        "datePublished": "2025-12-09T17:20:11.763Z",
        "dateReserved": "2025-09-19T04:30:39.464Z",
        "dateUpdated": "2026-06-09T09:02:40.137Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-40688 (GCVE-0-2026-40688)

    Vulnerability from cvelistv5 – Published: 2026-04-14 22:35 – Updated: 2026-04-16 03:55
    Summary
    An out-of-bounds write vulnerability [CWE-787] in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow a remote privileged attacker to execute arbitrary code or commands via crafted HTTP requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-787 - Execute unauthorized code or commands
    Impacted products
    Vendor Product Version
    Fortinet FortiWeb Affected: 8.0.0 , ≤ 8.0.3 (semver)
    Affected: 7.6.0 , ≤ 7.6.6 (semver)
    Affected: 7.4.0 , ≤ 7.4.11 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40688",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-15T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-16T03:55:18.342Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiweb:8.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:8.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:8.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:8.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiWeb",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "8.0.3",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.6.6",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.11",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds write vulnerability [CWE-787] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow a remote privileged attacker to execute arbitrary code or command via crafted HTTP requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-15T08:53:24.743Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-127",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-127"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiWeb version 8.0.4 or above\nUpgrade to FortiWeb version 7.6.7 or above\nUpgrade to FortiWeb version 7.4.12 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-40688",
        "datePublished": "2026-04-14T22:35:15.438Z",
        "dateReserved": "2026-04-14T22:32:07.399Z",
        "dateUpdated": "2026-04-16T03:55:18.342Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-39811 (GCVE-0-2026-39811)

    Vulnerability from cvelistv5 – Published: 2026-04-14 15:38 – Updated: 2026-04-14 16:46
    Summary
    An integer overflow or wraparound vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an attacker to cause a denial of service via <insert attack vector here>
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Impacted products
    Vendor Product Version
    Fortinet FortiWeb Affected: 8.0.0 , ≤ 8.0.3 (semver)
    Affected: 7.6.0 , ≤ 7.6.6 (semver)
    Affected: 7.4.0 , ≤ 7.4.12 (semver)
    Affected: 7.2.0 , ≤ 7.2.12 (semver)
    Affected: 7.0.0 , ≤ 7.0.12 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-39811",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-14T16:25:41.160205Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-14T16:46:15.353Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiweb:8.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:8.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:8.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:8.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiWeb",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "8.0.3",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.6.6",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.12",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.12",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.12",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A integer overflow or wraparound vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow attacker to denial of service via \u003cinsert attack vector here\u003e"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "Denial of service",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-14T15:38:20.186Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-108",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-108"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiWeb version 8.0.4 or above\nUpgrade to FortiWeb version 7.6.7 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-39811",
        "datePublished": "2026-04-14T15:38:20.186Z",
        "dateReserved": "2026-04-07T15:24:09.991Z",
        "dateUpdated": "2026-04-14T16:46:15.353Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-39814 (GCVE-0-2026-39814)

    Vulnerability from cvelistv5 – Published: 2026-04-14 15:38 – Updated: 2026-04-15 03:58
    Summary
    A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.1 through 7.4.12, FortiWeb 7.2.7 through 7.2.12, FortiWeb 7.0.10 through 7.0.12 may allow an attacker to execute unauthorized code or commands via <insert attack vector here>
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Execute unauthorized code or commands
    Impacted products
    Vendor Product Version
    Fortinet FortiWeb Affected: 8.0.0 , ≤ 8.0.2 (semver)
    Affected: 7.6.0 , ≤ 7.6.6 (semver)
    Affected: 7.4.1 , ≤ 7.4.12 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-39814",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-14T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-15T03:58:21.366Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiweb:8.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:8.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:8.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiWeb",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "8.0.2",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.6.6",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.12",
                  "status": "affected",
                  "version": "7.4.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.1 through 7.4.12, FortiWeb 7.2.7 through 7.2.12, FortiWeb 7.0.10 through 7.0.12 may allow attacker to execute unauthorized code or commands via \u003cinsert attack vector here\u003e"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-14T15:38:16.660Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-114",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-114"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiWeb version 8.0.3 or above\nUpgrade to FortiWeb version 7.6.7 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-39814",
        "datePublished": "2026-04-14T15:38:16.660Z",
        "dateReserved": "2026-04-07T15:24:15.182Z",
        "dateUpdated": "2026-04-15T03:58:21.366Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-66178 (GCVE-0-2025-66178)

    Vulnerability from cvelistv5 – Published: 2026-03-10 16:44 – Updated: 2026-03-11 03:56
    Summary
    An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2.0 through 7.2.12, FortiWeb 7.0.0 through 7.0.12 may allow an authenticated attacker to execute arbitrary commands via a specially crafted HTTP request.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Execute unauthorized code or commands
    Impacted products
    Vendor Product Version
    Fortinet FortiWeb Affected: 8.0.0 , ≤ 8.0.1 (semver)
    Affected: 7.6.0 , ≤ 7.6.5 (semver)
    Affected: 7.4.0 , ≤ 7.4.11 (semver)
    Affected: 7.2.0 , ≤ 7.2.12 (semver)
    Affected: 7.0.0 , ≤ 7.0.12 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-66178",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-10T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-11T03:56:45.815Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiweb:8.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:8.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiWeb",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "8.0.1",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.6.5",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.11",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.12",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.12",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper neutralization of special elements used in an os command (\u0027os command injection\u0027) vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2.0 through 7.2.12, FortiWeb 7.0.0 through 7.0.12 may allow an authenticated attacker to execute arbitrary commands via a specially crafted HTTP request."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-10T16:44:21.731Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-088",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-088"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiWeb version 8.0.3 or above\nUpgrade to FortiWeb version 7.6.7 or above\nUpgrade to FortiWeb version 7.4.12 or above\nUpgrade to upcoming  FortiWeb version 7.2.13 or above\nUpgrade to upcoming  FortiWeb version 7.0.13 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-66178",
        "datePublished": "2026-03-10T16:44:21.731Z",
        "dateReserved": "2025-11-24T09:07:32.659Z",
        "dateUpdated": "2026-03-11T03:56:45.815Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24641 (GCVE-0-2026-24641)

    Vulnerability from cvelistv5 – Published: 2026-03-10 16:44 – Updated: 2026-03-12 14:27
    Summary
    A NULL Pointer Dereference vulnerability [CWE-476] in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an authenticated attacker to crash the HTTP daemon via crafted HTTP requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Impacted products
    Vendor Product Version
    Fortinet FortiWeb Affected: 8.0.0 , ≤ 8.0.2 (semver)
    Affected: 7.6.0 , ≤ 7.6.6 (semver)
    Affected: 7.4.0 , ≤ 7.4.12 (semver)
    Affected: 7.2.0 , ≤ 7.2.12 (semver)
    Affected: 7.0.0 , ≤ 7.0.12 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24641",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-12T14:27:30.386135Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-12T14:27:39.136Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiweb:8.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:8.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:8.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiWeb",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "8.0.2",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.6.6",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.12",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.12",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.12",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A NULL Pointer Dereference vulnerability [CWE-476] in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an authenticated attacker to crash the HTTP daemon via crafted HTTP requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 2.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "Denial of service",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-10T16:44:20.761Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-089",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-089"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiWeb version 8.0.3 or above\nUpgrade to FortiWeb version 7.6.7 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-24641",
        "datePublished": "2026-03-10T16:44:20.761Z",
        "dateReserved": "2026-01-23T15:09:07.476Z",
        "dateUpdated": "2026-03-12T14:27:39.136Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24640 (GCVE-0-2026-24640)

    Vulnerability from cvelistv5 – Published: 2026-03-10 16:44 – Updated: 2026-03-11 03:56
    Summary
    A Stack-based Buffer Overflow vulnerability [CWE-121] in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0.2 through 7.0.12 may allow a remote authenticated attacker who can bypass stack protection and ASLR to execute arbitrary code or commands via crafted HTTP requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Execute unauthorized code or commands
    Impacted products
    Vendor Product Version
    Fortinet FortiWeb Affected: 8.0.0 , ≤ 8.0.2 (semver)
    Affected: 7.6.0 , ≤ 7.6.6 (semver)
    Affected: 7.4.0 , ≤ 7.4.12 (semver)
    Affected: 7.2.0 , ≤ 7.2.12 (semver)
    Affected: 7.0.2 , ≤ 7.0.12 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24640",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-10T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-11T03:56:46.897Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiweb:8.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:8.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:8.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.2:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiWeb",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "8.0.2",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.6.6",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.12",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.12",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.12",
                  "status": "affected",
                  "version": "7.0.2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A Stack-based Buffer Overflow vulnerability [CWE-121] in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0.2 through 7.0.12 may allow a remote authenticated attacker who can bypass stack protection and ASLR to execute arbitrary code or commands via crafted HTTP requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-10T16:44:20.721Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-087",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-087"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiWeb version 8.0.3 or above\nUpgrade to FortiWeb version 7.6.7 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-24640",
        "datePublished": "2026-03-10T16:44:20.721Z",
        "dateReserved": "2026-01-23T15:09:07.476Z",
        "dateUpdated": "2026-03-11T03:56:46.897Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24017 (GCVE-0-2026-24017)

    Vulnerability from cvelistv5 – Published: 2026-03-10 16:44 – Updated: 2026-03-11 03:56
    Summary
    An Improper Control of Interaction Frequency vulnerability [CWE-799] in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to bypass the authentication rate-limit via crafted requests. The success of the attack depends on the attacker's resources and the password target complexity.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-799 - Improper access control
    Impacted products
    Vendor Product Version
    Fortinet FortiWeb Affected: 8.0.0 , ≤ 8.0.2 (semver)
    Affected: 7.6.0 , ≤ 7.6.5 (semver)
    Affected: 7.4.0 , ≤ 7.4.10 (semver)
    Affected: 7.2.0 , ≤ 7.2.11 (semver)
    Affected: 7.0.0 , ≤ 7.0.11 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24017",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-10T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-11T03:56:50.059Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiweb:8.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:8.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:8.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiWeb",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "8.0.2",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.6.5",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.10",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.11",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.11",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An Improper Control of Interaction Frequency vulnerability [CWE-799] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to bypass the authentication rate-limit via crafted requests. The success of the attack depends on the attacker\u0027s resources and the password target complexity."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-799",
                  "description": "Improper access control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-10T16:44:19.746Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-082",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-082"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiWeb version 8.0.3 or above\nUpgrade to FortiWeb version 7.6.6 or above\nUpgrade to FortiWeb version 7.4.11 or above\nUpgrade to FortiWeb version 7.2.12 or above\nUpgrade to FortiWeb version 7.0.12 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-24017",
        "datePublished": "2026-03-10T16:44:19.746Z",
        "dateReserved": "2026-01-20T11:13:10.548Z",
        "dateUpdated": "2026-03-11T03:56:50.059Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-48840 (GCVE-0-2025-48840)

    Vulnerability from cvelistv5 – Published: 2026-03-10 16:44 – Updated: 2026-03-12 14:29
    Summary
    An authentication bypass by spoofing vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.8, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote unauthenticated attacker to bypass hostname restrictions via a specially crafted request.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-290 - Improper access control
    Impacted products
    Vendor Product Version
    Fortinet FortiWeb Affected: 7.6.0 , ≤ 7.6.3 (semver)
    Affected: 7.4.0 , ≤ 7.4.8 (semver)
    Affected: 7.2.0 , ≤ 7.2.12 (semver)
    Affected: 7.0.0 , ≤ 7.0.12 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-48840",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-12T14:29:49.514729Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-12T14:29:57.399Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiweb:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiWeb",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.3",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.8",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.12",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.12",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An authentication bypass by spoofing vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.8, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote unauthenticated attacker to bypass hostname restrictions via a specially crafted request."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:U/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-290",
                  "description": "Improper access control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-10T16:44:14.182Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-097",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-097"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiWeb version 7.6.4 or above\nUpgrade to FortiWeb version 7.4.9 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-48840",
        "datePublished": "2026-03-10T16:44:14.182Z",
        "dateReserved": "2025-05-27T08:00:40.715Z",
        "dateUpdated": "2026-03-12T14:29:57.399Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-30897 (GCVE-0-2026-30897)

    Vulnerability from cvelistv5 – Published: 2026-03-10 16:44 – Updated: 2026-03-11 03:56
    Summary
    A stack-based buffer overflow vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote authenticated attacker who can bypass stack protection and ASLR to execute arbitrary code or commands via crafted HTTP requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Execute unauthorized code or commands
    Impacted products
    Vendor Product Version
    Fortinet FortiWeb Affected: 8.0.0 , ≤ 8.0.3 (semver)
    Affected: 7.6.0 , ≤ 7.6.6 (semver)
    Affected: 7.4.0 , ≤ 7.4.11 (semver)
    Affected: 7.2.0 , ≤ 7.2.12 (semver)
    Affected: 7.0.0 , ≤ 7.0.12 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-30897",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-10T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-11T03:56:47.990Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiweb:8.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:8.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:8.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:8.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiWeb",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "8.0.3",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.6.6",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.11",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.12",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.12",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A stack-based buffer overflow vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote authenticated attacker who can bypass stack protection and ASLR to execute arbitrary code or commands via crafted HTTP requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-10T16:44:04.857Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-093",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-093"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiWeb version 8.0.4 or above\nUpgrade to FortiWeb version 7.6.7 or above\nUpgrade to FortiWeb version 7.4.12 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-30897",
        "datePublished": "2026-03-10T16:44:04.857Z",
        "dateReserved": "2026-03-06T12:49:20.922Z",
        "dateUpdated": "2026-03-11T03:56:47.990Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24858 (GCVE-0-2026-24858)

    Vulnerability from cvelistv5 – Published: 2026-01-27 19:18 – Updated: 2026-06-09 14:27
    VLAI CISA KEVIntel
    Summary
    An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiNAC-F 7.6.3 through 7.6.5, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.12, FortiProxy 7.2.0 through 7.2.15, FortiProxy 7.0.0 through 7.0.22, FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-288 - Improper access control
    Impacted products
    Vendor Product Version
    Fortinet FortiWeb Affected: 8.0.0 , ≤ 8.0.3 (semver)
    Affected: 7.6.0 , ≤ 7.6.6 (semver)
    Affected: 7.4.0 , ≤ 7.4.11 (semver)
    Fortinet FortiNAC-F Affected: 7.6.3 , ≤ 7.6.5 (semver)
    Fortinet FortiOS Affected: 7.6.0 , ≤ 7.6.5 (semver)
    Affected: 7.4.0 , ≤ 7.4.10 (semver)
    Affected: 7.2.0 , ≤ 7.2.12 (semver)
    Affected: 7.0.0 , ≤ 7.0.18 (semver)
    Fortinet FortiAnalyzer Affected: 7.6.0 , ≤ 7.6.5 (semver)
    Affected: 7.4.0 , ≤ 7.4.9 (semver)
    Affected: 7.2.0 , ≤ 7.2.11 (semver)
    Affected: 7.0.0 , ≤ 7.0.15 (semver)
    Fortinet FortiProxy Affected: 7.6.0 , ≤ 7.6.4 (semver)
    Affected: 7.4.0 , ≤ 7.4.12 (semver)
    Affected: 7.2.0 , ≤ 7.2.15 (semver)
    Affected: 7.0.0 , ≤ 7.0.22 (semver)
    Fortinet FortiManager Affected: 7.6.0 , ≤ 7.6.5 (semver)
    Affected: 7.4.0 , ≤ 7.4.9 (semver)
    Affected: 7.2.0 , ≤ 7.2.11 (semver)
    Affected: 7.0.0 , ≤ 7.0.15 (semver)
    Siemens RUGGEDCOM APE1808 Affected: 0 , < * (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24858",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-28T04:55:41.959755Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2026-01-27",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-24858"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T15:04:50.331Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-24858"
              },
              {
                "tags": [
                  "vendor-advisory"
                ],
                "url": "https://www.fortinet.com/blog/psirt-blogs/analysis-of-sso-abuse-on-fortios"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM APE1808",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T12:08:56.335Z",
              "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
              "shortName": "siemens-SADP"
            },
            "references": [
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-975644.html"
              }
            ],
            "x_adpType": "supplier"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiweb:8.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:8.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:8.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:8.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiWeb",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "8.0.3",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.6.6",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.11",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiNAC-F",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.5",
                  "status": "affected",
                  "version": "7.6.3",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortios:7.6.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiOS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.5",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.10",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.12",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.18",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortianalyzer:7.6.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiAnalyzer",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.5",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.9",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.11",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.15",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiproxy:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiProxy",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.4",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.12",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.15",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.22",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortimanager:7.6.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiManager",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.5",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.9",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.11",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.15",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiNAC-F 7.6.3 through 7.6.5, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.12, FortiProxy 7.2.0 through 7.2.15, FortiProxy 7.0.0 through 7.0.22, FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-288",
                  "description": "Improper access control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T14:27:53.379Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-060",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-060"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to upcoming  FortiOS version 8.0.0 or above\nUpgrade to FortiOS version 7.6.6 or above\nUpgrade to FortiOS version 7.4.11 or above\nUpgrade to FortiOS version 7.2.13 or above\nUpgrade to FortiOS version 7.0.19 or above\nUpgrade to upcoming  FortiManager version 8.0.0 or above\nUpgrade to FortiManager version 7.6.6 or above\nUpgrade to FortiManager version 7.4.10 or above\nUpgrade to FortiManager version 7.2.12 or above\nUpgrade to FortiManager version 7.0.16 or above\nUpgrade to FortiAnalyzer version 7.6.6 or above\nUpgrade to FortiAnalyzer version 7.4.10 or above\nUpgrade to FortiAnalyzer version 7.2.12 or above\nUpgrade to FortiAnalyzer version 7.0.16 or above\nUpgrade to FortiProxy version 7.6.5 or above\nUpgrade to FortiProxy version 7.4.13 or above\nUpgrade to FortiProxy version 7.2.16 or above\nUpgrade to FortiProxy version 7.0.23 or above\nUpgrade to FortiWeb version 8.0.4 or above\nUpgrade to FortiWeb version 7.6.7 or above\nUpgrade to FortiWeb version 7.4.12 or above\nUpgrade to FortiNAC-F version 7.6.6 or above\nUpgrade to FortiSwitchManager version 7.2.9 or above\nUpgrade to FortiSwitchManager version 7.0.8 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-24858",
        "datePublished": "2026-01-27T19:18:23.591Z",
        "dateReserved": "2026-01-27T15:11:02.057Z",
        "dateUpdated": "2026-06-09T14:27:53.379Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-59719 (GCVE-0-2025-59719)

    Vulnerability from cvelistv5 – Published: 2025-12-09 17:20 – Updated: 2026-06-09 09:02
    Summary
    An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9 may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Improper access control
    Impacted products
    Vendor Product Version
    Fortinet FortiWeb Affected: 8.0.0
    Affected: 7.6.0 , ≤ 7.6.4 (semver)
    Affected: 7.4.0 , ≤ 7.4.9 (semver)
    Siemens RUGGEDCOM APE1808 Affected: 0 , < * (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-59719",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-10T04:57:28.019701Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T16:56:59.225Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM APE1808",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-09T09:02:40.137Z",
              "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
              "shortName": "siemens-SADP"
            },
            "references": [
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-864900.html"
              }
            ],
            "x_adpType": "supplier"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiweb:8.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiWeb",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.0.0"
                },
                {
                  "lessThanOrEqual": "7.6.4",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.9",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9 may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "Improper access control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-20T12:39:05.692Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-647",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-647"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiSwitchManager version 7.2.7 or above\nUpgrade to FortiSwitchManager version 7.0.6 or above\nUpgrade to FortiProxy version 7.6.4 or above\nUpgrade to FortiProxy version 7.4.11 or above\nUpgrade to FortiProxy version 7.2.15 or above\nUpgrade to FortiProxy version 7.0.22 or above\nUpgrade to FortiOS version 7.6.4 or above\nUpgrade to FortiOS version 7.4.9 or above\nUpgrade to FortiOS version 7.2.12 or above\nUpgrade to FortiOS version 7.0.18 or above\nUpgrade to FortiWeb version 8.0.1 or above\nUpgrade to FortiWeb version 7.6.5 or above\nUpgrade to FortiWeb version 7.4.10 or above\nFortinet remediated this issue in FortiSASE version 25.3.b and hence customers do not need to perform any action.\nUpgrade to FortiPAM version 1.8.0 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-59719",
        "datePublished": "2025-12-09T17:20:11.763Z",
        "dateReserved": "2025-09-19T04:30:39.464Z",
        "dateUpdated": "2026-06-09T09:02:40.137Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-64471 (GCVE-0-2025-64471)

    Vulnerability from cvelistv5 – Published: 2025-12-09 17:18 – Updated: 2026-01-14 09:19
    Summary
    A use of password hash instead of password for authentication vulnerability [CWE-836] in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attacker to use the hash in place of the password to authenticate via crafted HTTP/HTTPS requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-836 - Escalation of privilege
    Impacted products
    Vendor Product Version
    Fortinet FortiWeb Affected: 8.0.0 , ≤ 8.0.1 (semver)
    Affected: 7.6.0 , ≤ 7.6.5 (semver)
    Affected: 7.4.0 , ≤ 7.4.10 (semver)
    Affected: 7.2.0 , ≤ 7.2.11 (semver)
    Affected: 7.0.0 , ≤ 7.0.11 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-64471",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-09T18:34:29.978564Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-09T18:34:33.479Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiweb:8.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:8.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiWeb",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "8.0.1",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.6.5",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.10",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.11",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.11",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A use of password hash instead of password for authentication vulnerability [CWE-836] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attacker to use the hash in place of the password to authenticate via crafted HTTP/HTTPS requests"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-836",
                  "description": "Escalation of privilege",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-14T09:19:24.898Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-984",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-984"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiWeb version 8.0.2 or above\nUpgrade to FortiWeb version 7.6.6 or above\nUpgrade to FortiWeb version 7.4.11 or above\nUpgrade to FortiWeb version 7.2.12 or above\nUpgrade to FortiWeb version 7.0.12 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-64471",
        "datePublished": "2025-12-09T17:18:44.569Z",
        "dateReserved": "2025-11-05T12:25:48.195Z",
        "dateUpdated": "2026-01-14T09:19:24.898Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-64447 (GCVE-0-2025-64447)

    Vulnerability from cvelistv5 – Published: 2025-12-09 17:18 – Updated: 2026-02-26 16:57
    Summary
    A reliance on cookies without validation and integrity checking vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attacker to execute arbitrary operations on the system via crafted HTTP or HTTPS requests carrying forged cookies; this requires prior knowledge of the FortiWeb serial number.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-565 - Escalation of privilege
    Impacted products
    Vendor Product Version
    Fortinet FortiWeb Affected: 8.0.0 , ≤ 8.0.1 (semver)
    Affected: 7.6.0 , ≤ 7.6.5 (semver)
    Affected: 7.4.0 , ≤ 7.4.10 (semver)
    Affected: 7.2.0 , ≤ 7.2.11 (semver)
    Affected: 7.0.0 , ≤ 7.0.11 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-64447",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-10T04:57:33.641740Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T16:57:02.714Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiweb:8.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:8.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiWeb",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "8.0.1",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.6.5",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.10",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.11",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.11",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A reliance on cookies without validation and integrity checking vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attacker to execute arbitrary operations on the system via crafted HTTP or HTTPS request via forged cookies, requiring prior knowledge of the FortiWeb serial number."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-565",
                  "description": "Escalation of privilege",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-14T09:19:49.321Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-945",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-945"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiWeb version 8.0.2 or above\nUpgrade to FortiWeb version 7.6.6 or above\nUpgrade to FortiWeb version 7.4.11 or above\nUpgrade to FortiWeb version 7.2.12 or above\nUpgrade to FortiWeb version 7.0.12 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-64447",
        "datePublished": "2025-12-09T17:18:42.318Z",
        "dateReserved": "2025-11-04T14:26:34.042Z",
        "dateUpdated": "2026-02-26T16:57:02.714Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }