Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    3010 vulnerabilities by Fortinet

    CERTFR-2026-AVI-0725

    Vulnerability from certfr_avis - Published: 2026-06-10 - Updated: 2026-06-10

    De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Fortinet FortiOS FortiOS versions 7.6.x antérieures à 7.6.3
    Fortinet FortiSandbox FortiSandbox Cloud versions 5.0.4 et 5.0.5 antérieures à 5.0.6
    Fortinet FortiPortal FortiPortal versions antérieures à 7.2.9
    Fortinet FortiSandbox FortiSandbox versions 5.0.x antérieures à 5.0.6
    Fortinet FortiProxy FortiProxy versions 7.2.x antérieures à 7.2.15
    Fortinet FortiSandbox FortiSandbox versions 4.4.x antérieures à 4.4.9
    Fortinet FortiPortal FortiPortal versions 7.4.x antérieures à 7.4.8
    Fortinet FortiOS FortiOS versions 7.2.x antérieures à 7.2.11
    Fortinet FortiProxy FortiProxy versions 7.4.x antérieures à 7.4.11
    Fortinet FortiSandbox FortiSandbox PaaS versions 5.0.4 et 5.0.5 antérieures à 5.0.6
    Fortinet FortiOS FortiOS versions 7.4.x antérieures à 7.4.8
    Fortinet FortiProxy FortiProxy versions 7.6.x antérieures à 7.6.4
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox Cloud versions 5.0.4 et 5.0.5 ant\u00e9rieures \u00e0 5.0.6",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiPortal versions ant\u00e9rieures \u00e0 7.2.9",
          "product": {
            "name": "FortiPortal",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox versions 5.0.x ant\u00e9rieures \u00e0 5.0.6",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.15",
          "product": {
            "name": "FortiProxy",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox versions 4.4.x ant\u00e9rieures \u00e0 4.4.9",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiPortal versions 7.4.x ant\u00e9rieures \u00e0 7.4.8",
          "product": {
            "name": "FortiPortal",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.11",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.11",
          "product": {
            "name": "FortiProxy",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox PaaS versions 5.0.4 et 5.0.5 ant\u00e9rieures \u00e0 5.0.6",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.8",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
          "product": {
            "name": "FortiProxy",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-25089",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25089"
        },
        {
          "name": "CVE-2025-67862",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-67862"
        },
        {
          "name": "CVE-2026-49938",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-49938"
        }
      ],
      "initial_release_date": "2026-06-10T00:00:00",
      "last_revision_date": "2026-06-10T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0725",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-06-10T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
      "vendor_advisories": [
        {
          "published_at": "2026-06-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-143",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-143"
        },
        {
          "published_at": "2026-06-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-141",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-141"
        },
        {
          "published_at": "2026-06-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-140",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-140"
        }
      ]
    }

    CERTFR-2026-AVI-0575

    Vulnerability from certfr_avis - Published: 2026-05-13 - Updated: 2026-05-13

    De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Fortinet FortiOS FortiOS versions 7.6.x antérieures à 7.6.4
    Fortinet FortiAP FortiAP-W2 versions antérieures à 7.4.5
    Fortinet FortiMail FortiMail versions 7.6.x antérieures à 7.6.4
    Fortinet FortiAnalyzer FortiAnalyzer versions 7.6.x antérieures à 7.6.5
    Fortinet FortiSandbox FortiSandbox PaaS 21.x, 22.x, et 23.x toutes versions
    Fortinet FortiSandbox FortiSandbox PaaS versions 4.4.x antérieures à 4.4.9
    Fortinet FortiAP FortiAP versions 7.6.x antérieures à 7.6.3
    Fortinet FortiAP FortiAP-U versions 7.0.x antérieures à 7.0.6
    Fortinet FortiDeceptor FortiDeceptor versions 5.x et 6.x antérieures à 6.1
    Fortinet FortiSandbox FortiSandbox Cloud 24 toutes versions
    Fortinet FortiManager FortiManager versions 7.6.x antérieures à 7.6.5
    Fortinet FortiClient FortiClientWindows versions antérieures à 7.4.3
    Fortinet FortiSandbox FortiSandbox versions 4.4.x antérieures à 4.4.9
    Fortinet FortiOS FortiOS versions 7.4.x antérieures à 7.4.9
    Fortinet FortiOS FortiOS versions 7.2.x antérieures à 7.2.12
    Fortinet FortiMail FortiMail versions 7.4.x antérieures à 7.4.6
    Fortinet FortiSandbox FortiSandbox versions 5.x antérieures à 5.0.2
    Fortinet N/A FortiTokenAndroid versions antérieures à 6.4
    Fortinet FortiAuthenticator FortiAuthenticator versions 6.5.x antérieures à 6.5.7
    Fortinet FortiManager FortiManager versions antérieures à 7.4.9
    Fortinet FortiSandbox FortiSandbox Cloud 23 toutes versions
    Fortinet FortiNDR FortiNDR versions 7.6.x antérieures à 7.6.3
    Fortinet FortiSandbox FortiSandbox Cloud versions 5.x antérieures à 5.0.6
    Fortinet FortiAuthenticator FortiAuthenticator versions 6.6.x antérieures à 6.6.9
    Fortinet FortiAnalyzer FortiAnalyzer versions antérieures à 7.4.9
    Fortinet FortiMail FortiMail versions 7.2.x antérieures à 7.2.9
    Fortinet FortiNDR FortiNDR versions 7.x antérieures à 7.4.10
    Fortinet FortiAP FortiAP versions antérieures à 7.4.6
    Fortinet FortiSandbox FortiSandbox PaaS versions 5.0.x antérieures à 5.0.2
    Fortinet FortiAuthenticator FortiAuthenticator versions 8.0.x antérieures à 8.0.3
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAP-W2 versions ant\u00e9rieures \u00e0 7.4.5",
          "product": {
            "name": "FortiAP",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
          "product": {
            "name": "FortiMail",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAnalyzer versions 7.6.x ant\u00e9rieures \u00e0 7.6.5",
          "product": {
            "name": "FortiAnalyzer",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox PaaS 21.x, 22.x, et 23.x toutes versions",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox PaaS versions 4.4.x ant\u00e9rieures \u00e0 4.4.9",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAP versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
          "product": {
            "name": "FortiAP",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAP-U versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
          "product": {
            "name": "FortiAP",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiDeceptor versions 5.x et 6.x ant\u00e9rieures \u00e0 6.1",
          "product": {
            "name": "FortiDeceptor",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox Cloud 24 toutes versions",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.5",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiClientWindows versions ant\u00e9rieures \u00e0 7.4.3",
          "product": {
            "name": "FortiClient",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox versions 4.4.x ant\u00e9rieures \u00e0 4.4.9",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.9",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
          "product": {
            "name": "FortiMail",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox versions 5.x ant\u00e9rieures \u00e0 5.0.2",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiTokenAndroid versions ant\u00e9rieures \u00e0 6.4",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAuthenticator versions 6.5.x ant\u00e9rieures \u00e0 6.5.7",
          "product": {
            "name": "FortiAuthenticator",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager versions ant\u00e9rieures \u00e0 7.4.9",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox Cloud 23 toutes versions",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiNDR versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
          "product": {
            "name": "FortiNDR",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox Cloud versions 5.x ant\u00e9rieures \u00e0 5.0.6",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAuthenticator versions 6.6.x ant\u00e9rieures \u00e0 6.6.9",
          "product": {
            "name": "FortiAuthenticator",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 7.4.9",
          "product": {
            "name": "FortiAnalyzer",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.9",
          "product": {
            "name": "FortiMail",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiNDR versions 7.x ant\u00e9rieures \u00e0 7.4.10",
          "product": {
            "name": "FortiNDR",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAP versions ant\u00e9rieures \u00e0 7.4.6",
          "product": {
            "name": "FortiAP",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox PaaS versions 5.0.x ant\u00e9rieures \u00e0 5.0.2",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAuthenticator versions 8.0.x ant\u00e9rieures \u00e0 8.0.3",
          "product": {
            "name": "FortiAuthenticator",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-44279",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44279"
        },
        {
          "name": "CVE-2026-25690",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25690"
        },
        {
          "name": "CVE-2026-44277",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44277"
        },
        {
          "name": "CVE-2025-53844",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53844"
        },
        {
          "name": "CVE-2025-53681",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53681"
        },
        {
          "name": "CVE-2026-26083",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-26083"
        },
        {
          "name": "CVE-2025-67604",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-67604"
        },
        {
          "name": "CVE-2026-44278",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44278"
        },
        {
          "name": "CVE-2025-53680",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53680"
        },
        {
          "name": "CVE-2025-53870",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53870"
        },
        {
          "name": "CVE-2026-25088",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25088"
        }
      ],
      "initial_release_date": "2026-05-13T00:00:00",
      "last_revision_date": "2026-05-13T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0575",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-05-13T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Injection SQL (SQLi)"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
      "vendor_advisories": [
        {
          "published_at": "2026-05-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-137",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-137"
        },
        {
          "published_at": "2026-05-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-133",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-133"
        },
        {
          "published_at": "2026-05-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-138",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-138"
        },
        {
          "published_at": "2026-05-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-130",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-130"
        },
        {
          "published_at": "2026-05-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-134",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-134"
        },
        {
          "published_at": "2026-05-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-136",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-136"
        },
        {
          "published_at": "2026-05-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-123",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-123"
        },
        {
          "published_at": "2026-05-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-129",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-129"
        },
        {
          "published_at": "2026-05-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-128",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-128"
        },
        {
          "published_at": "2026-05-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-132",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-132"
        },
        {
          "published_at": "2026-05-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-131",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-131"
        }
      ]
    }

    CVE-2026-49938 (GCVE-0-2026-49938)

    Vulnerability from nvd – Published: 2026-06-09 14:27 – Updated: 2026-06-09 15:36
    VLAI
    Summary
    A improper access control vulnerability in Fortinet FortiPortal 7.4.0 through 7.4.7, FortiPortal 7.2.0 through 7.2.8, FortiPortal 7.0 all versions may allow attacker to improper access control via <insert attack vector here>
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper access control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiPortal Affected: 7.4.0 , ≤ 7.4.7 (semver)
    Affected: 7.2.0 , ≤ 7.2.8 (semver)
    Affected: 7.0.0 , ≤ 7.0.14 (semver)
        cpe:2.3:a:fortinet:fortiportal:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-49938",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-09T15:36:51.644752Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-09T15:36:59.170Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiportal:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiPortal",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.7",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.8",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.14",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A improper access control vulnerability in Fortinet FortiPortal 7.4.0 through 7.4.7, FortiPortal 7.2.0 through 7.2.8, FortiPortal 7.0 all versions may allow attacker to improper access control via \u003cinsert attack vector here\u003e"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper access control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T14:27:42.914Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-140",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-140"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiPortal version 7.4.8 or above\nUpgrade to upcoming  FortiPortal version 7.2.9 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-49938",
        "datePublished": "2026-06-09T14:27:42.914Z",
        "dateReserved": "2026-06-02T15:05:18.629Z",
        "dateUpdated": "2026-06-09T15:36:59.170Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-25089 (GCVE-0-2026-25089)

    Vulnerability from nvd – Published: 2026-06-09 14:27 – Updated: 2026-06-10 13:35
    VLAI
    Summary
    A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may allow an unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP requests
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiSandbox Affected: 5.0.0 , ≤ 5.0.5 (semver)
    Affected: 4.4.0 , ≤ 4.4.8 (semver)
    Affected: 4.2.1 , ≤ 4.2.8 (semver)
        cpe:2.3:a:fortinet:fortisandbox:5.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:5.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:5.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:5.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiSandbox Cloud Affected: 5.0.4 , ≤ 5.0.5 (semver)
        cpe:2.3:a:fortinet:fortisandboxcloud:5.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxcloud:5.0.4:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiSandbox PaaS Affected: 5.0.4 , ≤ 5.0.5 (semver)
        cpe:2.3:a:fortinet:fortisandboxpaas:5.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxpaas:5.0.4:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-25089",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T03:58:38.447554Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T13:35:01.375Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortisandbox:5.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:5.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:5.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:5.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiSandbox",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.5",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.4.8",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.2.8",
                  "status": "affected",
                  "version": "4.2.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortisandboxcloud:5.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxcloud:5.0.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiSandbox Cloud",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.5",
                  "status": "affected",
                  "version": "5.0.4",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortisandboxpaas:5.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxpaas:5.0.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiSandbox PaaS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.5",
                  "status": "affected",
                  "version": "5.0.4",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A improper neutralization of special elements used in an os command (\u0027os command injection\u0027) vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may allow an unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP requests"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T14:27:47.492Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-141",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-141"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to upcoming  FortiSandbox version 5.2.0 or above\nUpgrade to FortiSandbox version 5.0.6 or above\nUpgrade to FortiSandbox version 4.4.9 or above\nUpgrade to upcoming  FortiSandbox PaaS version 5.2.0 or above\nUpgrade to FortiSandbox PaaS version 5.0.6 or above\nFortinet remediated this issue in FortiSandbox Cloud version 5.2.0 (not released) and hence customers do not need to perform any action.\nFortinet remediated this issue in FortiSandbox Cloud version 5.0.6 (not released) and hence customers do not need to perform any action."
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-25089",
        "datePublished": "2026-06-09T14:27:47.492Z",
        "dateReserved": "2026-01-29T09:27:29.820Z",
        "dateUpdated": "2026-06-10T13:35:01.375Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-67862 (GCVE-0-2025-67862)

    Vulnerability from nvd – Published: 2026-06-09 14:27 – Updated: 2026-06-10 03:58
    VLAI
    Summary
    An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability [CWE-1244] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0 all versions may allow an authenticated admin to execute lua scripts via crafted CLI commands.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1244 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiOS Affected: 7.6.0 , ≤ 7.6.1 (semver)
    Affected: 7.4.0 , ≤ 7.4.6 (semver)
    Affected: 7.2.0 , ≤ 7.2.10 (semver)
    Affected: 7.0.0 , ≤ 7.0.16 (semver)
    Affected: 6.4.0 , ≤ 6.4.16 (semver)
        cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiProxy Affected: 7.6.0 , ≤ 7.6.3 (semver)
    Affected: 7.4.0 , ≤ 7.4.10 (semver)
    Affected: 7.2.0 , ≤ 7.2.14 (semver)
    Affected: 7.0.0 , ≤ 7.0.23 (semver)
        cpe:2.3:a:fortinet:fortiproxy:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-67862",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-09T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T03:58:56.818Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiOS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.1",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.6",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.10",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.16",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.16",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiproxy:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiProxy",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.3",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.10",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.14",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.23",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability [CWE-1244] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0 all versions may allow an authenticated admin to execute lua scripts via crafted CLI commands."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1244",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T14:27:50.485Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-143",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-143"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiOS version 7.6.3 or above\nUpgrade to FortiOS version 7.4.8 or above\nUpgrade to FortiOS version 7.2.11 or above\nUpgrade to FortiOS version 7.0.17 or above\nUpgrade to FortiProxy version 7.6.4 or above\nUpgrade to FortiProxy version 7.4.11 or above\nUpgrade to FortiProxy version 7.2.15 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-67862",
        "datePublished": "2026-06-09T14:27:50.485Z",
        "dateReserved": "2025-12-12T15:39:26.251Z",
        "dateUpdated": "2026-06-10T03:58:56.818Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44279 (GCVE-0-2026-44279)

    Vulnerability from nvd – Published: 2026-05-12 16:54 – Updated: 2026-06-26 08:23
    VLAI
    Summary
    An improper export of android application components vulnerability in Fortinet FortiTokenAndroid 6.2 all versions, FortiTokenAndroid 6.1 all versions, FortiTokenAndroid 5.2 all versions may allow attacker to disclose information via an exported Content Provider URI.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-926 - Improper access control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiTokenAndroid Affected: 6.2.0
    Affected: 6.1.0
    Affected: 5.2.0 , ≤ 5.2.2 (semver)
        cpe:2.3:a:fortinet:fortitokenandroid:6.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortitokenandroid:6.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortitokenandroid:5.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortitokenandroid:5.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortitokenandroid:5.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44279",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T18:59:55.342232Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T19:02:36.321Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortitokenandroid:6.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortitokenandroid:6.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortitokenandroid:5.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortitokenandroid:5.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortitokenandroid:5.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiTokenAndroid",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.2.0"
                },
                {
                  "status": "affected",
                  "version": "6.1.0"
                },
                {
                  "lessThanOrEqual": "5.2.2",
                  "status": "affected",
                  "version": "5.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper export of android application components vulnerability in Fortinet FortiTokenAndroid 6.2 all versions, FortiTokenAndroid 6.1 all versions, FortiTokenAndroid 5.2 all versions may allow attacker to disclose information via an exported Content Provider URI."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-926",
                  "description": "Improper access control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T08:23:24.786Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-130",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-130"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiTokenAndroid version 6.4.0 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-44279",
        "datePublished": "2026-05-12T16:54:09.625Z",
        "dateReserved": "2026-05-05T17:24:18.895Z",
        "dateUpdated": "2026-06-26T08:23:24.786Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44278 (GCVE-0-2026-44278)

    Vulnerability from nvd – Published: 2026-05-12 16:54 – Updated: 2026-05-14 15:28
    VLAI
    Summary
    A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.2, FortiClientWindows 7.2 all versions may allow attacker to information disclosure via <insert attack vector here>
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiClientWindows Affected: 7.4.0 , ≤ 7.4.2 (semver)
    Affected: 7.2.0 , ≤ 7.2.14 (semver)
        cpe:2.3:a:fortinet:forticlientwindows:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientwindows:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientwindows:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientwindows:7.2.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientwindows:7.2.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientwindows:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientwindows:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientwindows:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientwindows:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientwindows:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientwindows:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientwindows:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientwindows:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientwindows:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientwindows:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientwindows:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientwindows:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientwindows:7.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44278",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T18:59:50.445107Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T19:02:43.679Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:forticlientwindows:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientwindows:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientwindows:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientwindows:7.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientwindows:7.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientwindows:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientwindows:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientwindows:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientwindows:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientwindows:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientwindows:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientwindows:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientwindows:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientwindows:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientwindows:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientwindows:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientwindows:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientwindows:7.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiClientWindows",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.2",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.14",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.2, FortiClientWindows 7.2 all versions may allow attacker to information disclosure via \u003cinsert attack vector here\u003e"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-321",
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-14T15:28:56.927Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-129",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-129"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiClientWindows version 7.4.3 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-44278",
        "datePublished": "2026-05-12T16:54:09.226Z",
        "dateReserved": "2026-05-05T17:24:17.727Z",
        "dateUpdated": "2026-05-14T15:28:56.927Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44277 (GCVE-0-2026-44277)

    Vulnerability from nvd – Published: 2026-05-12 16:54 – Updated: 2026-05-28 09:30
    VLAI
    Summary
    A improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow attacker to execute unauthorized code or commands via crafted requests.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiAuthenticator Affected: 8.0.2
    Affected: 8.0.0
    Affected: 6.6.0 , ≤ 6.6.8 (semver)
    Affected: 6.5.0 , ≤ 6.5.6 (semver)
    Affected: 6.4.0 , ≤ 6.4.10 (semver)
        cpe:2.3:a:fortinet:fortiauthenticator:8.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:8.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.6.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.6.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.6.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.6.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.6.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.6.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.6.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.5.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.5.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.5.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.5.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.5.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.5.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.5.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44277",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T18:59:33.244531Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T19:02:58.505Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiauthenticator:8.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:8.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.6.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.6.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.6.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.6.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.5.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.5.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.5.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.5.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.5.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.5.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiAuthenticator",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.0.2"
                },
                {
                  "status": "affected",
                  "version": "8.0.0"
                },
                {
                  "lessThanOrEqual": "6.6.8",
                  "status": "affected",
                  "version": "6.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.5.6",
                  "status": "affected",
                  "version": "6.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.10",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow attacker to execute unauthorized code or commands via crafted requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-28T09:30:16.137Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-128",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-128"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiAuthenticator version 8.0.3 or above\nUpgrade to FortiAuthenticator version 8.0.1 or above\nUpgrade to FortiAuthenticator version 6.6.9 or above\nUpgrade to FortiAuthenticator version 6.5.7 or above\nUpgrade to FortiAuthenticator version 6.4.11 or above\nUpgrade to FortiAuthenticator version 6.3.5 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-44277",
        "datePublished": "2026-05-12T16:54:05.024Z",
        "dateReserved": "2026-05-05T17:24:16.702Z",
        "dateUpdated": "2026-05-28T09:30:16.137Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-26083 (GCVE-0-2026-26083)

    Vulnerability from nvd – Published: 2026-05-12 16:54 – Updated: 2026-05-13 03:58
    VLAI
    Summary
    A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud 5.0.2 through 5.0.5, FortiSandbox PaaS 23.4 all versions, FortiSandbox PaaS 23.3 all versions, FortiSandbox PaaS 23.1 all versions, FortiSandbox PaaS 22.2 all versions, FortiSandbox PaaS 22.1 all versions, FortiSandbox PaaS 21.4 all versions, FortiSandbox PaaS 21.3 all versions, FortiSandbox PaaS 5.0.0 through 5.0.1, FortiSandbox PaaS 4.4.5 through 4.4.8 may allow an unauthenticated attacker to execute unauthorized code or commands via HTTP requests.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-862 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiSandbox Cloud Affected: 5.0.0 , ≤ 5.0.1 (semver)
    Affected: 4.4.5 , ≤ 4.4.8 (semver)
        cpe:2.3:a:fortinet:fortisandboxcloud:5.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxcloud:5.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxcloud:4.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxcloud:4.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxcloud:4.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxcloud:4.4.5:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiSandbox Affected: 5.0.0 , ≤ 5.0.1 (semver)
    Affected: 4.4.0 , ≤ 4.4.8 (semver)
    Affected: 4.2.1 , ≤ 4.2.8 (semver)
        cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiSandbox PaaS Affected: 23.4.4374
    Affected: 23.4.4350
    Affected: 23.3.4329
    Affected: 23.1.4245
    Affected: 22.2.4151
    Affected: 22.2.4134
    Affected: 22.1.4113
    Affected: 21.4.4072
    Affected: 21.3.4055
    Affected: 5.0.0 , ≤ 5.0.1 (semver)
    Affected: 4.4.5 , ≤ 4.4.8 (semver)
        cpe:2.3:a:fortinet:fortisandboxpaas:23.4.4374:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxpaas:23.4.4350:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxpaas:23.3.4329:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxpaas:23.1.4245:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxpaas:22.2.4151:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxpaas:22.2.4134:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxpaas:22.1.4113:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxpaas:21.4.4072:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxpaas:21.3.4055:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxpaas:5.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxpaas:5.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxpaas:4.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxpaas:4.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxpaas:4.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxpaas:4.4.5:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-26083",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T03:58:29.159Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortisandboxcloud:5.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxcloud:5.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxcloud:4.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxcloud:4.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxcloud:4.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxcloud:4.4.5:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiSandbox Cloud",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.1",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.4.8",
                  "status": "affected",
                  "version": "4.4.5",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiSandbox",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.1",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.4.8",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.2.8",
                  "status": "affected",
                  "version": "4.2.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortisandboxpaas:23.4.4374:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxpaas:23.4.4350:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxpaas:23.3.4329:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxpaas:23.1.4245:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxpaas:22.2.4151:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxpaas:22.2.4134:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxpaas:22.1.4113:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxpaas:21.4.4072:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxpaas:21.3.4055:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxpaas:5.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxpaas:5.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxpaas:4.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxpaas:4.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxpaas:4.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxpaas:4.4.5:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiSandbox PaaS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "23.4.4374"
                },
                {
                  "status": "affected",
                  "version": "23.4.4350"
                },
                {
                  "status": "affected",
                  "version": "23.3.4329"
                },
                {
                  "status": "affected",
                  "version": "23.1.4245"
                },
                {
                  "status": "affected",
                  "version": "22.2.4151"
                },
                {
                  "status": "affected",
                  "version": "22.2.4134"
                },
                {
                  "status": "affected",
                  "version": "22.1.4113"
                },
                {
                  "status": "affected",
                  "version": "21.4.4072"
                },
                {
                  "status": "affected",
                  "version": "21.3.4055"
                },
                {
                  "lessThanOrEqual": "5.0.1",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.4.8",
                  "status": "affected",
                  "version": "4.4.5",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud 5.0.2 through 5.0.5, FortiSandbox PaaS 23.4 all versions, FortiSandbox PaaS 23.3 all versions, FortiSandbox PaaS 23.1 all versions, FortiSandbox PaaS 22.2 all versions, FortiSandbox PaaS 22.1 all versions, FortiSandbox PaaS 21.4 all versions, FortiSandbox PaaS 21.3 all versions, FortiSandbox PaaS 5.0.0 through 5.0.1, FortiSandbox PaaS 4.4.5 through 4.4.8 may allow an unauthenticated attacker to execute unauthorized code or commands via HTTP requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T16:54:04.923Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-136",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-136"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Fortinet remediated this issue in FortiSandbox Cloud version 5.0.2 and hence customers do not need to perform any action.\nFortinet remediated this issue in FortiSandbox Cloud version 4.4.9 and hence customers do not need to perform any action.\nUpgrade to FortiSandbox version 5.0.2 or above\nUpgrade to FortiSandbox version 4.4.9 or above\nUpgrade to FortiSandbox PaaS version 5.0.2 or above\nUpgrade to FortiSandbox PaaS version 4.4.9 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-26083",
        "datePublished": "2026-05-12T16:54:04.923Z",
        "dateReserved": "2026-02-11T09:32:22.258Z",
        "dateUpdated": "2026-05-13T03:58:29.159Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-25690 (GCVE-0-2026-25690)

    Vulnerability from nvd – Published: 2026-05-12 16:54 – Updated: 2026-05-12 19:02
    VLAI
    Summary
    An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDeceptor 6.0.0 through 6.0.2, FortiDeceptor 5.3.0 through 5.3.3, FortiDeceptor 5.2.0 through 5.2.1, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions may allow an authenticated attacker with at least read-only admin permission to read log files via HTTP crafted requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-88 - Information disclosure
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiDeceptor Affected: 6.0.0 , ≤ 6.0.2 (semver)
    Affected: 5.3.0 , ≤ 5.3.3 (semver)
    Affected: 5.2.0 , ≤ 5.2.1 (semver)
    Affected: 5.1.0
    Affected: 5.0.0
        cpe:2.3:a:fortinet:fortideceptor:6.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortideceptor:6.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortideceptor:6.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortideceptor:5.3.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortideceptor:5.3.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortideceptor:5.3.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortideceptor:5.3.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortideceptor:5.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortideceptor:5.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortideceptor:5.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortideceptor:5.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-25690",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T19:00:14.405140Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T19:02:21.579Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortideceptor:6.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortideceptor:6.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortideceptor:6.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortideceptor:5.3.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortideceptor:5.3.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortideceptor:5.3.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortideceptor:5.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortideceptor:5.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortideceptor:5.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortideceptor:5.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortideceptor:5.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiDeceptor",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "6.0.2",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.3.3",
                  "status": "affected",
                  "version": "5.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.2.1",
                  "status": "affected",
                  "version": "5.2.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.0.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper neutralization of argument delimiters in a command (\u0027argument injection\u0027) vulnerability in Fortinet FortiDeceptor 6.0.0 through 6.0.2, FortiDeceptor 5.3.0 through 5.3.3, FortiDeceptor 5.2.0 through 5.2.1, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions may allow an authenticated attacker with at least read-only admin permission to read log files via HTTP crafted requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-88",
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T16:54:10.546Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-138",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-138"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to upcoming  FortiDeceptor version 6.3.0 or above\nUpgrade to FortiDeceptor version 6.1.0 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-25690",
        "datePublished": "2026-05-12T16:54:10.546Z",
        "dateReserved": "2026-02-05T08:56:55.794Z",
        "dateUpdated": "2026-05-12T19:02:21.579Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-25088 (GCVE-0-2026-25088)

    Vulnerability from nvd – Published: 2026-05-12 16:54 – Updated: 2026-05-12 19:02
    VLAI
    Summary
    An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiNDR 7.6.0 through 7.6.2, FortiNDR 7.4.0 through 7.4.9, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiNDR Affected: 7.6.0 , ≤ 7.6.2 (semver)
    Affected: 7.4.0 , ≤ 7.4.9 (semver)
    Affected: 7.2.0 , ≤ 7.2.5 (semver)
    Affected: 7.1.0 , ≤ 7.1.1 (semver)
    Affected: 7.0.0 , ≤ 7.0.7 (semver)
        cpe:2.3:a:fortinet:fortindr:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.1.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-25088",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T18:59:39.373512Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T19:02:51.082Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortindr:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiNDR",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.2",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.9",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.5",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.1.1",
                  "status": "affected",
                  "version": "7.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.7",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper neutralization of special elements used in an sql command (\u0027sql injection\u0027) vulnerability in Fortinet FortiNDR 7.6.0 through 7.6.2, FortiNDR 7.4.0 through 7.4.9, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions may allow an authenticated attacker to execute unauthorized code or commands via  specifically crafted HTTP requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:X",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T16:54:07.352Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-134",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-134"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiNDR version 7.6.3 or above\nUpgrade to FortiNDR version 7.4.10 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-25088",
        "datePublished": "2026-05-12T16:54:07.352Z",
        "dateReserved": "2026-01-29T09:27:29.820Z",
        "dateUpdated": "2026-05-12T19:02:51.082Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-67604 (GCVE-0-2025-67604)

    Vulnerability from nvd – Published: 2026-05-12 16:54 – Updated: 2026-05-12 19:02
    VLAI
    Summary
    A use of potentially dangerous function vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions may allow an authenticated attacker to cause a system hang via multiple specially crafted HTTP requests causing crashes. This happens if internal locks are aligned, which is out of control of the attacker.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiAnalyzer Affected: 7.6.0 , ≤ 7.6.4 (semver)
    Affected: 7.4.0 , ≤ 7.4.8 (semver)
    Affected: 7.2.0 , ≤ 7.2.12 (semver)
    Affected: 7.0.0 , ≤ 7.0.16 (semver)
    Affected: 6.4.0 , ≤ 6.4.15 (semver)
        cpe:2.3:o:fortinet:fortianalyzer:7.6.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiManager Affected: 7.6.0 , ≤ 7.6.4 (semver)
    Affected: 7.4.0 , ≤ 7.4.8 (semver)
    Affected: 7.2.0 , ≤ 7.2.12 (semver)
    Affected: 7.0.0 , ≤ 7.0.16 (semver)
    Affected: 6.4.0 , ≤ 6.4.15 (semver)
        cpe:2.3:o:fortinet:fortimanager:7.6.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-67604",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T19:00:29.874258Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T19:02:05.842Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortianalyzer:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiAnalyzer",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.4",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.8",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.12",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.16",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.15",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortimanager:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiManager",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.4",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.8",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.12",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.16",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.15",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A use of potentially dangerous function vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions may allow an authenticated attacker to cause a system hang via multiple specially crafted HTTP requests causing crashes. This happens if internal locks are aligned, which is out of control of the attacker."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-676",
                  "description": "Denial of service",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T16:54:11.929Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-137",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-137"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiAnalyzer version 8.0.0 or above\nUpgrade to FortiAnalyzer version 7.6.5 or above\nUpgrade to FortiAnalyzer version 7.4.9 or above\nUpgrade to FortiWeb version 8.0.3 or above\nUpgrade to FortiWeb version 7.6.7 or above\nUpgrade to FortiManager version 8.0.0 or above\nUpgrade to FortiManager version 7.6.5 or above\nUpgrade to FortiManager version 7.4.9 or above\nUpgrade to upcoming  FortiVoice version 8.0.0 or above\nUpgrade to upcoming  FortiVoice version 7.4.2 or above\nUpgrade to upcoming  FortiSandbox version 5.2.0 or above\nUpgrade to FortiSandbox version 5.0.6 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-67604",
        "datePublished": "2026-05-12T16:54:11.929Z",
        "dateReserved": "2025-12-09T14:59:55.699Z",
        "dateUpdated": "2026-05-12T19:02:05.842Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-53870 (GCVE-0-2025-53870)

    Vulnerability from nvd – Published: 2026-05-12 16:54 – Updated: 2026-05-13 03:58
    VLAI
    Summary
    An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versions, FortiAP 7.0 all versions, FortiAP 6.4 all versions, FortiAP-W2 7.4.0 through 7.4.4, FortiAP-W2 7.2 all versions, FortiAP-W2 7.0 all versions may allow an authenticated attacker to execute unauthorized code or commands via a specifically crafted cli command.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Escalation of privilege
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiAP Affected: 7.6.0 , ≤ 7.6.2 (semver)
    Affected: 7.4.0 , ≤ 7.4.5 (semver)
    Affected: 7.2.0 , ≤ 7.2.6 (semver)
    Affected: 7.0.0 , ≤ 7.0.7 (semver)
    Affected: 6.4.3 , ≤ 6.4.9 (semver)
        cpe:2.3:a:fortinet:fortiap:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:6.4.3:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiAP-W2 Affected: 7.4.0 , ≤ 7.4.4 (semver)
    Affected: 7.2.0 , ≤ 7.2.5 (semver)
    Affected: 7.0.0 , ≤ 7.0.8 (semver)
        cpe:2.3:a:fortinet:fortiap-w2:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53870",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T03:58:24.463Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiap:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:6.4.3:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiAP",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.2",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.5",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.6",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.7",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.9",
                  "status": "affected",
                  "version": "6.4.3",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiap-w2:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiAP-W2",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.4",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.5",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.8",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper neutralization of special elements used in an os command (\u0027os command injection\u0027) vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versions, FortiAP 7.0 all versions, FortiAP 6.4 all versions, FortiAP-W2 7.4.0 through 7.4.4, FortiAP-W2 7.2 all versions, FortiAP-W2 7.0 all versions may allow  an authenticated attacker to execute unauthorized code or commands via a specifically crafted cli command."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Escalation of privilege",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T16:54:32.010Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-133",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-133"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiAP version 7.6.3 or above\nUpgrade to FortiAP version 7.4.6 or above\nUpgrade to FortiAP-U version 7.0.6 or above\nUpgrade to FortiAP-W2 version 7.4.5 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-53870",
        "datePublished": "2026-05-12T16:54:32.010Z",
        "dateReserved": "2025-07-11T07:30:58.396Z",
        "dateUpdated": "2026-05-13T03:58:24.463Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-53844 (GCVE-0-2025-53844)

    Vulnerability from nvd – Published: 2026-05-12 16:54 – Updated: 2026-06-09 09:02
    VLAI
    Summary
    A out-of-bounds write vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11 allows attacker to execute unauthorized code or commands via specially crafted packets.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-787 - Execute unauthorized code or commands
    Assigner
    Impacted products
    Vendor Product Version
    Fortinet FortiOS Affected: 7.6.0 , ≤ 7.6.3 (semver)
    Affected: 7.4.0 , ≤ 7.4.8 (semver)
    Affected: 7.2.0 , ≤ 7.2.11 (semver)
    Affected: 7.0.0 , ≤ 7.0.17 (semver)
    Affected: 6.4.0 , ≤ 6.4.16 (semver)
    Affected: 6.2.0 , ≤ 6.2.17 (semver)
    Affected: 6.0.0 , ≤ 6.0.18 (semver)
        cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.17:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.18:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.17:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Siemens RUGGEDCOM APE1808 Affected: 0 , < * (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53844",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T03:58:28.011Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM APE1808",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-09T09:02:32.717Z",
              "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
              "shortName": "siemens-SADP"
            },
            "references": [
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-864900.html"
              }
            ],
            "x_adpType": "supplier"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.18:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiOS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.3",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.8",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.11",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.17",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.16",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.17",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.0.18",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A out-of-bounds write vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11 allows attacker to execute unauthorized code or commands via specially crafted packets."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T16:54:10.126Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-123",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-123"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiOS version 7.6.4 or above\nUpgrade to FortiOS version 7.4.9 or above\nUpgrade to FortiOS version 7.2.12 or above\nUpgrade to FortiOS version 7.0.18 or above\nFortinet remediated this issue in FortiSASE version 25.3.a and hence customers do not need to perform any action.\nUpgrade to FortiSwitchManager version 7.2.7 or above\nUpgrade to FortiSwitchManager version 7.0.6 or above\nFortinet remediated this issue in FortiEdgeCloud version 25.3 and hence customers do not need to perform any action."
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-53844",
        "datePublished": "2026-05-12T16:54:10.126Z",
        "dateReserved": "2025-07-10T08:53:33.015Z",
        "dateUpdated": "2026-06-09T09:02:32.717Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-53681 (GCVE-0-2025-53681)

    Vulnerability from nvd – Published: 2026-05-12 16:54 – Updated: 2026-05-13 03:58
    VLAI
    Summary
    An improper neutralization of special elements used in an SQL Command ("SQL Injection&") vulnerability [CWE-89] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through 7.4.5, FortiMail 7.2.0 through 7.2.8 allows an authenticated privileged attacker to execute unauthorized code or commands via specifically crafted HTTP or HTTPS requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiMail Affected: 7.6.0 , ≤ 7.6.3 (semver)
    Affected: 7.4.0 , ≤ 7.4.5 (semver)
    Affected: 7.2.0 , ≤ 7.2.8 (semver)
        cpe:2.3:a:fortinet:fortimail:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53681",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T03:58:26.763Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortimail:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiMail",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.3",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.5",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.8",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper neutralization of special elements used in an SQL Command (\"SQL Injection\u0026\") vulnerability [CWE-89] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through 7.4.5, FortiMail 7.2.0 through 7.2.8 allows an authenticated privileged attacker to execute unauthorized code or commands via specifically crafted HTTP or HTTPS requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T16:54:11.052Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-132",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-132"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiMail version 7.6.4 or above\nUpgrade to FortiMail version 7.4.6 or above\nUpgrade to FortiMail version 7.2.9 or above\nFortinet remediated this issue in FortiMail Cloud version 25.2 and hence customers do not need to perform any action."
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-53681",
        "datePublished": "2026-05-12T16:54:11.052Z",
        "dateReserved": "2025-07-08T09:23:05.011Z",
        "dateUpdated": "2026-05-13T03:58:26.763Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-53680 (GCVE-0-2025-53680)

    Vulnerability from nvd – Published: 2026-05-12 16:54 – Updated: 2026-05-13 03:58
    VLAI
    Summary
    An improper neutralization of special elements used in an OS command ("OS Command Injection") vulnerability [CWE-78] vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versions, FortiAP 7.0 all versions, FortiAP 6.4 all versions, FortiAP-U 7.0.0 through 7.0.5, FortiAP-U 6.2 all versions, FortiAP-W2 7.4.0 through 7.4.4, FortiAP-W2 7.2 all versions, FortiAP-W2 7.0 all versions allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiAP Affected: 7.6.0 , ≤ 7.6.2 (semver)
    Affected: 7.4.0 , ≤ 7.4.5 (semver)
    Affected: 7.2.0 , ≤ 7.2.6 (semver)
    Affected: 7.0.0 , ≤ 7.0.7 (semver)
    Affected: 6.4.3 , ≤ 6.4.9 (semver)
        cpe:2.3:a:fortinet:fortiap:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:6.4.3:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiAP-W2 Affected: 7.4.0 , ≤ 7.4.4 (semver)
    Affected: 7.2.0 , ≤ 7.2.5 (semver)
    Affected: 7.0.0 , ≤ 7.0.8 (semver)
        cpe:2.3:a:fortinet:fortiap-w2:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiAP-U Affected: 7.0.0 , ≤ 7.0.5 (semver)
    Affected: 6.2.0 , ≤ 6.2.6 (semver)
        cpe:2.3:a:fortinet:fortiap-u:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-u:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-u:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-u:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-u:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-u:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-u:6.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-u:6.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-u:6.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-u:6.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-u:6.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-u:6.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-u:6.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53680",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T03:58:25.615Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiap:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:6.4.3:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiAP",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.2",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.5",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.6",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.7",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.9",
                  "status": "affected",
                  "version": "6.4.3",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiap-w2:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiAP-W2",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.4",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.5",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.8",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiap-u:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-u:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-u:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-u:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-u:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-u:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-u:6.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-u:6.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-u:6.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-u:6.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-u:6.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-u:6.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-u:6.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiAP-U",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.0.5",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.6",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper neutralization of special elements used in an OS command (\"OS Command Injection\") vulnerability [CWE-78] vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versions, FortiAP 7.0 all versions, FortiAP 6.4 all versions, FortiAP-U 7.0.0 through 7.0.5, FortiAP-U 6.2 all versions, FortiAP-W2 7.4.0 through 7.4.4, FortiAP-W2 7.2 all versions, FortiAP-W2 7.0 all versions allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T16:54:15.555Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-131",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-131"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiAP-U version 7.0.6 or above\nUpgrade to FortiAP-W2 version 7.4.5 or above\nUpgrade to FortiAP version 7.6.3 or above\nUpgrade to FortiAP version 7.4.6 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-53680",
        "datePublished": "2026-05-12T16:54:15.555Z",
        "dateReserved": "2025-07-08T09:23:05.011Z",
        "dateUpdated": "2026-05-13T03:58:25.615Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-67862 (GCVE-0-2025-67862)

    Vulnerability from cvelistv5 – Published: 2026-06-09 14:27 – Updated: 2026-06-10 03:58
    VLAI
    Summary
    An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability [CWE-1244] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0 all versions may allow an authenticated admin to execute lua scripts via crafted CLI commands.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1244 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiOS Affected: 7.6.0 , ≤ 7.6.1 (semver)
    Affected: 7.4.0 , ≤ 7.4.6 (semver)
    Affected: 7.2.0 , ≤ 7.2.10 (semver)
    Affected: 7.0.0 , ≤ 7.0.16 (semver)
    Affected: 6.4.0 , ≤ 6.4.16 (semver)
        cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiProxy Affected: 7.6.0 , ≤ 7.6.3 (semver)
    Affected: 7.4.0 , ≤ 7.4.10 (semver)
    Affected: 7.2.0 , ≤ 7.2.14 (semver)
    Affected: 7.0.0 , ≤ 7.0.23 (semver)
        cpe:2.3:a:fortinet:fortiproxy:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-67862",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-09T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T03:58:56.818Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiOS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.1",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.6",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.10",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.16",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.16",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiproxy:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiProxy",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.3",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.10",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.14",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.23",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability [CWE-1244] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0 all versions may allow an authenticated admin to execute lua scripts via crafted CLI commands."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1244",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T14:27:50.485Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-143",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-143"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiOS version 7.6.3 or above\nUpgrade to FortiOS version 7.4.8 or above\nUpgrade to FortiOS version 7.2.11 or above\nUpgrade to FortiOS version 7.0.17 or above\nUpgrade to FortiProxy version 7.6.4 or above\nUpgrade to FortiProxy version 7.4.11 or above\nUpgrade to FortiProxy version 7.2.15 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-67862",
        "datePublished": "2026-06-09T14:27:50.485Z",
        "dateReserved": "2025-12-12T15:39:26.251Z",
        "dateUpdated": "2026-06-10T03:58:56.818Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-25089 (GCVE-0-2026-25089)

    Vulnerability from cvelistv5 – Published: 2026-06-09 14:27 – Updated: 2026-06-10 13:35
    VLAI
    Summary
    A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may allow an unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP requests
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiSandbox Affected: 5.0.0 , ≤ 5.0.5 (semver)
    Affected: 4.4.0 , ≤ 4.4.8 (semver)
    Affected: 4.2.1 , ≤ 4.2.8 (semver)
        cpe:2.3:a:fortinet:fortisandbox:5.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:5.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:5.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:5.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiSandbox Cloud Affected: 5.0.4 , ≤ 5.0.5 (semver)
        cpe:2.3:a:fortinet:fortisandboxcloud:5.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxcloud:5.0.4:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiSandbox PaaS Affected: 5.0.4 , ≤ 5.0.5 (semver)
        cpe:2.3:a:fortinet:fortisandboxpaas:5.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxpaas:5.0.4:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-25089",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T03:58:38.447554Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T13:35:01.375Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortisandbox:5.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:5.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:5.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:5.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiSandbox",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.5",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.4.8",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.2.8",
                  "status": "affected",
                  "version": "4.2.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortisandboxcloud:5.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxcloud:5.0.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiSandbox Cloud",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.5",
                  "status": "affected",
                  "version": "5.0.4",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortisandboxpaas:5.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxpaas:5.0.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiSandbox PaaS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.5",
                  "status": "affected",
                  "version": "5.0.4",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A improper neutralization of special elements used in an os command (\u0027os command injection\u0027) vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may allow an unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP requests"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T14:27:47.492Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-141",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-141"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to upcoming  FortiSandbox version 5.2.0 or above\nUpgrade to FortiSandbox version 5.0.6 or above\nUpgrade to FortiSandbox version 4.4.9 or above\nUpgrade to upcoming  FortiSandbox PaaS version 5.2.0 or above\nUpgrade to FortiSandbox PaaS version 5.0.6 or above\nFortinet remediated this issue in FortiSandbox Cloud version 5.2.0 (not released) and hence customers do not need to perform any action.\nFortinet remediated this issue in FortiSandbox Cloud version 5.0.6 (not released) and hence customers do not need to perform any action."
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-25089",
        "datePublished": "2026-06-09T14:27:47.492Z",
        "dateReserved": "2026-01-29T09:27:29.820Z",
        "dateUpdated": "2026-06-10T13:35:01.375Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-49938 (GCVE-0-2026-49938)

    Vulnerability from cvelistv5 – Published: 2026-06-09 14:27 – Updated: 2026-06-09 15:36
    VLAI
    Summary
    A improper access control vulnerability in Fortinet FortiPortal 7.4.0 through 7.4.7, FortiPortal 7.2.0 through 7.2.8, FortiPortal 7.0 all versions may allow attacker to improper access control via <insert attack vector here>
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper access control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiPortal Affected: 7.4.0 , ≤ 7.4.7 (semver)
    Affected: 7.2.0 , ≤ 7.2.8 (semver)
    Affected: 7.0.0 , ≤ 7.0.14 (semver)
        cpe:2.3:a:fortinet:fortiportal:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-49938",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-09T15:36:51.644752Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-09T15:36:59.170Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiportal:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiPortal",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.7",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.8",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.14",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A improper access control vulnerability in Fortinet FortiPortal 7.4.0 through 7.4.7, FortiPortal 7.2.0 through 7.2.8, FortiPortal 7.0 all versions may allow attacker to improper access control via \u003cinsert attack vector here\u003e"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper access control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T14:27:42.914Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-140",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-140"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiPortal version 7.4.8 or above\nUpgrade to upcoming  FortiPortal version 7.2.9 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-49938",
        "datePublished": "2026-06-09T14:27:42.914Z",
        "dateReserved": "2026-06-02T15:05:18.629Z",
        "dateUpdated": "2026-06-09T15:36:59.170Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-53870 (GCVE-0-2025-53870)

    Vulnerability from cvelistv5 – Published: 2026-05-12 16:54 – Updated: 2026-05-13 03:58
    VLAI
    Summary
    An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versions, FortiAP 7.0 all versions, FortiAP 6.4 all versions, FortiAP-W2 7.4.0 through 7.4.4, FortiAP-W2 7.2 all versions, FortiAP-W2 7.0 all versions may allow an authenticated attacker to execute unauthorized code or commands via a specifically crafted cli command.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Escalation of privilege
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiAP Affected: 7.6.0 , ≤ 7.6.2 (semver)
    Affected: 7.4.0 , ≤ 7.4.5 (semver)
    Affected: 7.2.0 , ≤ 7.2.6 (semver)
    Affected: 7.0.0 , ≤ 7.0.7 (semver)
    Affected: 6.4.3 , ≤ 6.4.9 (semver)
        cpe:2.3:a:fortinet:fortiap:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:6.4.3:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiAP-W2 Affected: 7.4.0 , ≤ 7.4.4 (semver)
    Affected: 7.2.0 , ≤ 7.2.5 (semver)
    Affected: 7.0.0 , ≤ 7.0.8 (semver)
        cpe:2.3:a:fortinet:fortiap-w2:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53870",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T03:58:24.463Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiap:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:6.4.3:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiAP",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.2",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.5",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.6",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.7",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.9",
                  "status": "affected",
                  "version": "6.4.3",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiap-w2:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiAP-W2",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.4",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.5",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.8",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper neutralization of special elements used in an os command (\u0027os command injection\u0027) vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versions, FortiAP 7.0 all versions, FortiAP 6.4 all versions, FortiAP-W2 7.4.0 through 7.4.4, FortiAP-W2 7.2 all versions, FortiAP-W2 7.0 all versions may allow  an authenticated attacker to execute unauthorized code or commands via a specifically crafted cli command."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Escalation of privilege",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T16:54:32.010Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-133",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-133"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiAP version 7.6.3 or above\nUpgrade to FortiAP version 7.4.6 or above\nUpgrade to FortiAP-U version 7.0.6 or above\nUpgrade to FortiAP-W2 version 7.4.5 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-53870",
        "datePublished": "2026-05-12T16:54:32.010Z",
        "dateReserved": "2025-07-11T07:30:58.396Z",
        "dateUpdated": "2026-05-13T03:58:24.463Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-53680 (GCVE-0-2025-53680)

    Vulnerability from cvelistv5 – Published: 2026-05-12 16:54 – Updated: 2026-05-13 03:58
    VLAI
    Summary
    An improper neutralization of special elements used in an OS command ("OS Command Injection") vulnerability [CWE-78] vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versions, FortiAP 7.0 all versions, FortiAP 6.4 all versions, FortiAP-U 7.0.0 through 7.0.5, FortiAP-U 6.2 all versions, FortiAP-W2 7.4.0 through 7.4.4, FortiAP-W2 7.2 all versions, FortiAP-W2 7.0 all versions allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiAP Affected: 7.6.0 , ≤ 7.6.2 (semver)
    Affected: 7.4.0 , ≤ 7.4.5 (semver)
    Affected: 7.2.0 , ≤ 7.2.6 (semver)
    Affected: 7.0.0 , ≤ 7.0.7 (semver)
    Affected: 6.4.3 , ≤ 6.4.9 (semver)
        cpe:2.3:a:fortinet:fortiap:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:6.4.3:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiAP-W2 Affected: 7.4.0 , ≤ 7.4.4 (semver)
    Affected: 7.2.0 , ≤ 7.2.5 (semver)
    Affected: 7.0.0 , ≤ 7.0.8 (semver)
        cpe:2.3:a:fortinet:fortiap-w2:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiAP-U Affected: 7.0.0 , ≤ 7.0.5 (semver)
    Affected: 6.2.0 , ≤ 6.2.6 (semver)
        cpe:2.3:a:fortinet:fortiap-u:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-u:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-u:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-u:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-u:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-u:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-u:6.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-u:6.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-u:6.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-u:6.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-u:6.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-u:6.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-u:6.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53680",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T03:58:25.615Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiap:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:6.4.3:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiAP",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.2",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.5",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.6",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.7",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.9",
                  "status": "affected",
                  "version": "6.4.3",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiap-w2:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiAP-W2",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.4",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.5",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.8",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiap-u:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-u:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-u:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-u:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-u:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-u:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-u:6.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-u:6.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-u:6.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-u:6.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-u:6.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-u:6.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-u:6.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiAP-U",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.0.5",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.6",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper neutralization of special elements used in an OS command (\"OS Command Injection\") vulnerability [CWE-78] vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versions, FortiAP 7.0 all versions, FortiAP 6.4 all versions, FortiAP-U 7.0.0 through 7.0.5, FortiAP-U 6.2 all versions, FortiAP-W2 7.4.0 through 7.4.4, FortiAP-W2 7.2 all versions, FortiAP-W2 7.0 all versions allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T16:54:15.555Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-131",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-131"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiAP-U version 7.0.6 or above\nUpgrade to FortiAP-W2 version 7.4.5 or above\nUpgrade to FortiAP version 7.6.3 or above\nUpgrade to FortiAP version 7.4.6 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-53680",
        "datePublished": "2026-05-12T16:54:15.555Z",
        "dateReserved": "2025-07-08T09:23:05.011Z",
        "dateUpdated": "2026-05-13T03:58:25.615Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-67604 (GCVE-0-2025-67604)

    Vulnerability from cvelistv5 – Published: 2026-05-12 16:54 – Updated: 2026-05-12 19:02
    VLAI
    Summary
    A use of potentially dangerous function vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions may allow an authenticated attacker to cause a system hang via multiple specially crafted HTTP requests causing crashes. This happens if internal locks are aligned, which is out of control of the attacker.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiAnalyzer Affected: 7.6.0 , ≤ 7.6.4 (semver)
    Affected: 7.4.0 , ≤ 7.4.8 (semver)
    Affected: 7.2.0 , ≤ 7.2.12 (semver)
    Affected: 7.0.0 , ≤ 7.0.16 (semver)
    Affected: 6.4.0 , ≤ 6.4.15 (semver)
        cpe:2.3:o:fortinet:fortianalyzer:7.6.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiManager Affected: 7.6.0 , ≤ 7.6.4 (semver)
    Affected: 7.4.0 , ≤ 7.4.8 (semver)
    Affected: 7.2.0 , ≤ 7.2.12 (semver)
    Affected: 7.0.0 , ≤ 7.0.16 (semver)
    Affected: 6.4.0 , ≤ 6.4.15 (semver)
        cpe:2.3:o:fortinet:fortimanager:7.6.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-67604",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T19:00:29.874258Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T19:02:05.842Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortianalyzer:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiAnalyzer",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.4",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.8",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.12",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.16",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.15",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortimanager:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiManager",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.4",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.8",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.12",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.16",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.15",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A use of potentially dangerous function vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions may allow an authenticated attacker to cause a system hang via multiple specially crafted HTTP requests causing crashes. This happens if internal locks are aligned, which is out of control of the attacker."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-676",
                  "description": "Denial of service",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T16:54:11.929Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-137",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-137"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiAnalyzer version 8.0.0 or above\nUpgrade to FortiAnalyzer version 7.6.5 or above\nUpgrade to FortiAnalyzer version 7.4.9 or above\nUpgrade to FortiWeb version 8.0.3 or above\nUpgrade to FortiWeb version 7.6.7 or above\nUpgrade to FortiManager version 8.0.0 or above\nUpgrade to FortiManager version 7.6.5 or above\nUpgrade to FortiManager version 7.4.9 or above\nUpgrade to upcoming  FortiVoice version 8.0.0 or above\nUpgrade to upcoming  FortiVoice version 7.4.2 or above\nUpgrade to upcoming  FortiSandbox version 5.2.0 or above\nUpgrade to FortiSandbox version 5.0.6 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-67604",
        "datePublished": "2026-05-12T16:54:11.929Z",
        "dateReserved": "2025-12-09T14:59:55.699Z",
        "dateUpdated": "2026-05-12T19:02:05.842Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-53681 (GCVE-0-2025-53681)

    Vulnerability from cvelistv5 – Published: 2026-05-12 16:54 – Updated: 2026-05-13 03:58
    VLAI
    Summary
    An improper neutralization of special elements used in an SQL Command ("SQL Injection&") vulnerability [CWE-89] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through 7.4.5, FortiMail 7.2.0 through 7.2.8 allows an authenticated privileged attacker to execute unauthorized code or commands via specifically crafted HTTP or HTTPS requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiMail Affected: 7.6.0 , ≤ 7.6.3 (semver)
    Affected: 7.4.0 , ≤ 7.4.5 (semver)
    Affected: 7.2.0 , ≤ 7.2.8 (semver)
        cpe:2.3:a:fortinet:fortimail:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53681",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T03:58:26.763Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortimail:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiMail",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.3",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.5",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.8",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper neutralization of special elements used in an SQL Command (\"SQL Injection\u0026\") vulnerability [CWE-89] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through 7.4.5, FortiMail 7.2.0 through 7.2.8 allows an authenticated privileged attacker to execute unauthorized code or commands via specifically crafted HTTP or HTTPS requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T16:54:11.052Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-132",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-132"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiMail version 7.6.4 or above\nUpgrade to FortiMail version 7.4.6 or above\nUpgrade to FortiMail version 7.2.9 or above\nFortinet remediated this issue in FortiMail Cloud version 25.2 and hence customers do not need to perform any action."
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-53681",
        "datePublished": "2026-05-12T16:54:11.052Z",
        "dateReserved": "2025-07-08T09:23:05.011Z",
        "dateUpdated": "2026-05-13T03:58:26.763Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-25690 (GCVE-0-2026-25690)

    Vulnerability from cvelistv5 – Published: 2026-05-12 16:54 – Updated: 2026-05-12 19:02
    VLAI
    Summary
    An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDeceptor 6.0.0 through 6.0.2, FortiDeceptor 5.3.0 through 5.3.3, FortiDeceptor 5.2.0 through 5.2.1, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions may allow an authenticated attacker with at least read-only admin permission to read log files via HTTP crafted requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-88 - Information disclosure
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiDeceptor Affected: 6.0.0 , ≤ 6.0.2 (semver)
    Affected: 5.3.0 , ≤ 5.3.3 (semver)
    Affected: 5.2.0 , ≤ 5.2.1 (semver)
    Affected: 5.1.0
    Affected: 5.0.0
        cpe:2.3:a:fortinet:fortideceptor:6.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortideceptor:6.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortideceptor:6.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortideceptor:5.3.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortideceptor:5.3.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortideceptor:5.3.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortideceptor:5.3.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortideceptor:5.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortideceptor:5.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortideceptor:5.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortideceptor:5.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-25690",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T19:00:14.405140Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T19:02:21.579Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortideceptor:6.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortideceptor:6.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortideceptor:6.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortideceptor:5.3.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortideceptor:5.3.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortideceptor:5.3.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortideceptor:5.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortideceptor:5.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortideceptor:5.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortideceptor:5.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortideceptor:5.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiDeceptor",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "6.0.2",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.3.3",
                  "status": "affected",
                  "version": "5.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.2.1",
                  "status": "affected",
                  "version": "5.2.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.0.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper neutralization of argument delimiters in a command (\u0027argument injection\u0027) vulnerability in Fortinet FortiDeceptor 6.0.0 through 6.0.2, FortiDeceptor 5.3.0 through 5.3.3, FortiDeceptor 5.2.0 through 5.2.1, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions may allow an authenticated attacker with at least read-only admin permission to read log files via HTTP crafted requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-88",
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T16:54:10.546Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-138",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-138"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to upcoming  FortiDeceptor version 6.3.0 or above\nUpgrade to FortiDeceptor version 6.1.0 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-25690",
        "datePublished": "2026-05-12T16:54:10.546Z",
        "dateReserved": "2026-02-05T08:56:55.794Z",
        "dateUpdated": "2026-05-12T19:02:21.579Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-53844 (GCVE-0-2025-53844)

    Vulnerability from cvelistv5 – Published: 2026-05-12 16:54 – Updated: 2026-06-09 09:02
    VLAI
    Summary
    A out-of-bounds write vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11 allows attacker to execute unauthorized code or commands via specially crafted packets.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-787 - Execute unauthorized code or commands
    Assigner
    Impacted products
    Vendor Product Version
    Fortinet FortiOS Affected: 7.6.0 , ≤ 7.6.3 (semver)
    Affected: 7.4.0 , ≤ 7.4.8 (semver)
    Affected: 7.2.0 , ≤ 7.2.11 (semver)
    Affected: 7.0.0 , ≤ 7.0.17 (semver)
    Affected: 6.4.0 , ≤ 6.4.16 (semver)
    Affected: 6.2.0 , ≤ 6.2.17 (semver)
    Affected: 6.0.0 , ≤ 6.0.18 (semver)
        cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.17:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.18:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.17:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Siemens RUGGEDCOM APE1808 Affected: 0 , < * (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53844",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T03:58:28.011Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM APE1808",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-09T09:02:32.717Z",
              "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
              "shortName": "siemens-SADP"
            },
            "references": [
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-864900.html"
              }
            ],
            "x_adpType": "supplier"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.18:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiOS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.3",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.8",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.11",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.17",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.16",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.17",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.0.18",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A out-of-bounds write vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11 allows attacker to execute unauthorized code or commands via specially crafted packets."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T16:54:10.126Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-123",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-123"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiOS version 7.6.4 or above\nUpgrade to FortiOS version 7.4.9 or above\nUpgrade to FortiOS version 7.2.12 or above\nUpgrade to FortiOS version 7.0.18 or above\nFortinet remediated this issue in FortiSASE version 25.3.a and hence customers do not need to perform any action.\nUpgrade to FortiSwitchManager version 7.2.7 or above\nUpgrade to FortiSwitchManager version 7.0.6 or above\nFortinet remediated this issue in FortiEdgeCloud version 25.3 and hence customers do not need to perform any action."
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-53844",
        "datePublished": "2026-05-12T16:54:10.126Z",
        "dateReserved": "2025-07-10T08:53:33.015Z",
        "dateUpdated": "2026-06-09T09:02:32.717Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44279 (GCVE-0-2026-44279)

    Vulnerability from cvelistv5 – Published: 2026-05-12 16:54 – Updated: 2026-06-26 08:23
    VLAI
    Summary
    An improper export of android application components vulnerability in Fortinet FortiTokenAndroid 6.2 all versions, FortiTokenAndroid 6.1 all versions, FortiTokenAndroid 5.2 all versions may allow attacker to disclose information via an exported Content Provider URI.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-926 - Improper access control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiTokenAndroid Affected: 6.2.0
    Affected: 6.1.0
    Affected: 5.2.0 , ≤ 5.2.2 (semver)
        cpe:2.3:a:fortinet:fortitokenandroid:6.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortitokenandroid:6.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortitokenandroid:5.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortitokenandroid:5.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortitokenandroid:5.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44279",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T18:59:55.342232Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T19:02:36.321Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortitokenandroid:6.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortitokenandroid:6.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortitokenandroid:5.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortitokenandroid:5.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortitokenandroid:5.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiTokenAndroid",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.2.0"
                },
                {
                  "status": "affected",
                  "version": "6.1.0"
                },
                {
                  "lessThanOrEqual": "5.2.2",
                  "status": "affected",
                  "version": "5.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper export of android application components vulnerability in Fortinet FortiTokenAndroid 6.2 all versions, FortiTokenAndroid 6.1 all versions, FortiTokenAndroid 5.2 all versions may allow attacker to disclose information via an exported Content Provider URI."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-926",
                  "description": "Improper access control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T08:23:24.786Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-130",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-130"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiTokenAndroid version 6.4.0 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-44279",
        "datePublished": "2026-05-12T16:54:09.625Z",
        "dateReserved": "2026-05-05T17:24:18.895Z",
        "dateUpdated": "2026-06-26T08:23:24.786Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44278 (GCVE-0-2026-44278)

    Vulnerability from cvelistv5 – Published: 2026-05-12 16:54 – Updated: 2026-05-14 15:28
    VLAI
    Summary
    A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.2, FortiClientWindows 7.2 all versions may allow attacker to information disclosure via <insert attack vector here>
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiClientWindows Affected: 7.4.0 , ≤ 7.4.2 (semver)
    Affected: 7.2.0 , ≤ 7.2.14 (semver)
        cpe:2.3:a:fortinet:forticlientwindows:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientwindows:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientwindows:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientwindows:7.2.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientwindows:7.2.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientwindows:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientwindows:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientwindows:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientwindows:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientwindows:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientwindows:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientwindows:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientwindows:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientwindows:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientwindows:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientwindows:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientwindows:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientwindows:7.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44278",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T18:59:50.445107Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T19:02:43.679Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:forticlientwindows:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientwindows:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientwindows:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientwindows:7.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientwindows:7.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientwindows:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientwindows:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientwindows:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientwindows:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientwindows:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientwindows:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientwindows:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientwindows:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientwindows:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientwindows:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientwindows:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientwindows:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientwindows:7.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiClientWindows",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.2",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.14",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.2, FortiClientWindows 7.2 all versions may allow attacker to information disclosure via \u003cinsert attack vector here\u003e"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-321",
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-14T15:28:56.927Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-129",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-129"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiClientWindows version 7.4.3 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-44278",
        "datePublished": "2026-05-12T16:54:09.226Z",
        "dateReserved": "2026-05-05T17:24:17.727Z",
        "dateUpdated": "2026-05-14T15:28:56.927Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-25088 (GCVE-0-2026-25088)

    Vulnerability from cvelistv5 – Published: 2026-05-12 16:54 – Updated: 2026-05-12 19:02
    VLAI
    Summary
    An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiNDR 7.6.0 through 7.6.2, FortiNDR 7.4.0 through 7.4.9, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiNDR Affected: 7.6.0 , ≤ 7.6.2 (semver)
    Affected: 7.4.0 , ≤ 7.4.9 (semver)
    Affected: 7.2.0 , ≤ 7.2.5 (semver)
    Affected: 7.1.0 , ≤ 7.1.1 (semver)
    Affected: 7.0.0 , ≤ 7.0.7 (semver)
        cpe:2.3:a:fortinet:fortindr:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.1.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-25088",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T18:59:39.373512Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T19:02:51.082Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortindr:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiNDR",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.2",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.9",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.5",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.1.1",
                  "status": "affected",
                  "version": "7.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.7",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper neutralization of special elements used in an sql command (\u0027sql injection\u0027) vulnerability in Fortinet FortiNDR 7.6.0 through 7.6.2, FortiNDR 7.4.0 through 7.4.9, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions may allow an authenticated attacker to execute unauthorized code or commands via  specifically crafted HTTP requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:X",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T16:54:07.352Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-134",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-134"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiNDR version 7.6.3 or above\nUpgrade to FortiNDR version 7.4.10 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-25088",
        "datePublished": "2026-05-12T16:54:07.352Z",
        "dateReserved": "2026-01-29T09:27:29.820Z",
        "dateUpdated": "2026-05-12T19:02:51.082Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44277 (GCVE-0-2026-44277)

    Vulnerability from cvelistv5 – Published: 2026-05-12 16:54 – Updated: 2026-05-28 09:30
    VLAI
    Summary
    A improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow attacker to execute unauthorized code or commands via crafted requests.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiAuthenticator Affected: 8.0.2
    Affected: 8.0.0
    Affected: 6.6.0 , ≤ 6.6.8 (semver)
    Affected: 6.5.0 , ≤ 6.5.6 (semver)
    Affected: 6.4.0 , ≤ 6.4.10 (semver)
        cpe:2.3:a:fortinet:fortiauthenticator:8.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:8.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.6.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.6.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.6.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.6.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.6.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.6.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.6.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.5.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.5.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.5.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.5.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.5.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.5.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.5.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44277",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T18:59:33.244531Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T19:02:58.505Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiauthenticator:8.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:8.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.6.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.6.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.6.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.6.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.5.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.5.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.5.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.5.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.5.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.5.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiAuthenticator",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.0.2"
                },
                {
                  "status": "affected",
                  "version": "8.0.0"
                },
                {
                  "lessThanOrEqual": "6.6.8",
                  "status": "affected",
                  "version": "6.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.5.6",
                  "status": "affected",
                  "version": "6.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.10",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow attacker to execute unauthorized code or commands via crafted requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-28T09:30:16.137Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-128",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-128"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiAuthenticator version 8.0.3 or above\nUpgrade to FortiAuthenticator version 8.0.1 or above\nUpgrade to FortiAuthenticator version 6.6.9 or above\nUpgrade to FortiAuthenticator version 6.5.7 or above\nUpgrade to FortiAuthenticator version 6.4.11 or above\nUpgrade to FortiAuthenticator version 6.3.5 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-44277",
        "datePublished": "2026-05-12T16:54:05.024Z",
        "dateReserved": "2026-05-05T17:24:16.702Z",
        "dateUpdated": "2026-05-28T09:30:16.137Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-26083 (GCVE-0-2026-26083)

    Vulnerability from cvelistv5 – Published: 2026-05-12 16:54 – Updated: 2026-05-13 03:58
    VLAI
    Summary
    A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud 5.0.2 through 5.0.5, FortiSandbox PaaS 23.4 all versions, FortiSandbox PaaS 23.3 all versions, FortiSandbox PaaS 23.1 all versions, FortiSandbox PaaS 22.2 all versions, FortiSandbox PaaS 22.1 all versions, FortiSandbox PaaS 21.4 all versions, FortiSandbox PaaS 21.3 all versions, FortiSandbox PaaS 5.0.0 through 5.0.1, FortiSandbox PaaS 4.4.5 through 4.4.8 may allow an unauthenticated attacker to execute unauthorized code or commands via HTTP requests.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-862 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiSandbox Cloud Affected: 5.0.0 , ≤ 5.0.1 (semver)
    Affected: 4.4.5 , ≤ 4.4.8 (semver)
        cpe:2.3:a:fortinet:fortisandboxcloud:5.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxcloud:5.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxcloud:4.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxcloud:4.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxcloud:4.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxcloud:4.4.5:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiSandbox Affected: 5.0.0 , ≤ 5.0.1 (semver)
    Affected: 4.4.0 , ≤ 4.4.8 (semver)
    Affected: 4.2.1 , ≤ 4.2.8 (semver)
        cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiSandbox PaaS Affected: 23.4.4374
    Affected: 23.4.4350
    Affected: 23.3.4329
    Affected: 23.1.4245
    Affected: 22.2.4151
    Affected: 22.2.4134
    Affected: 22.1.4113
    Affected: 21.4.4072
    Affected: 21.3.4055
    Affected: 5.0.0 , ≤ 5.0.1 (semver)
    Affected: 4.4.5 , ≤ 4.4.8 (semver)
        cpe:2.3:a:fortinet:fortisandboxpaas:23.4.4374:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxpaas:23.4.4350:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxpaas:23.3.4329:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxpaas:23.1.4245:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxpaas:22.2.4151:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxpaas:22.2.4134:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxpaas:22.1.4113:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxpaas:21.4.4072:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxpaas:21.3.4055:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxpaas:5.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxpaas:5.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxpaas:4.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxpaas:4.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxpaas:4.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxpaas:4.4.5:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-26083",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T03:58:29.159Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortisandboxcloud:5.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxcloud:5.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxcloud:4.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxcloud:4.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxcloud:4.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxcloud:4.4.5:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiSandbox Cloud",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.1",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.4.8",
                  "status": "affected",
                  "version": "4.4.5",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiSandbox",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.1",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.4.8",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.2.8",
                  "status": "affected",
                  "version": "4.2.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortisandboxpaas:23.4.4374:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxpaas:23.4.4350:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxpaas:23.3.4329:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxpaas:23.1.4245:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxpaas:22.2.4151:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxpaas:22.2.4134:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxpaas:22.1.4113:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxpaas:21.4.4072:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxpaas:21.3.4055:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxpaas:5.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxpaas:5.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxpaas:4.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxpaas:4.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxpaas:4.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxpaas:4.4.5:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiSandbox PaaS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "23.4.4374"
                },
                {
                  "status": "affected",
                  "version": "23.4.4350"
                },
                {
                  "status": "affected",
                  "version": "23.3.4329"
                },
                {
                  "status": "affected",
                  "version": "23.1.4245"
                },
                {
                  "status": "affected",
                  "version": "22.2.4151"
                },
                {
                  "status": "affected",
                  "version": "22.2.4134"
                },
                {
                  "status": "affected",
                  "version": "22.1.4113"
                },
                {
                  "status": "affected",
                  "version": "21.4.4072"
                },
                {
                  "status": "affected",
                  "version": "21.3.4055"
                },
                {
                  "lessThanOrEqual": "5.0.1",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.4.8",
                  "status": "affected",
                  "version": "4.4.5",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud 5.0.2 through 5.0.5, FortiSandbox PaaS 23.4 all versions, FortiSandbox PaaS 23.3 all versions, FortiSandbox PaaS 23.1 all versions, FortiSandbox PaaS 22.2 all versions, FortiSandbox PaaS 22.1 all versions, FortiSandbox PaaS 21.4 all versions, FortiSandbox PaaS 21.3 all versions, FortiSandbox PaaS 5.0.0 through 5.0.1, FortiSandbox PaaS 4.4.5 through 4.4.8 may allow an unauthenticated attacker to execute unauthorized code or commands via HTTP requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T16:54:04.923Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-136",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-136"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Fortinet remediated this issue in FortiSandbox Cloud version 5.0.2 and hence customers do not need to perform any action.\nFortinet remediated this issue in FortiSandbox Cloud version 4.4.9 and hence customers do not need to perform any action.\nUpgrade to FortiSandbox version 5.0.2 or above\nUpgrade to FortiSandbox version 4.4.9 or above\nUpgrade to FortiSandbox PaaS version 5.0.2 or above\nUpgrade to FortiSandbox PaaS version 4.4.9 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-26083",
        "datePublished": "2026-05-12T16:54:04.923Z",
        "dateReserved": "2026-02-11T09:32:22.258Z",
        "dateUpdated": "2026-05-13T03:58:29.159Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }