Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    3032 vulnerabilities by fortinet

    CVE-2026-59841 (GCVE-0-2026-59841)

    Vulnerability from nvd – Published: 2026-07-14 15:15 – Updated: 2026-07-14 15:50
    VLAI
    Summary
    A improper restriction of communication channel to intended endpoints vulnerability in Fortinet FortiSIEMWindowsAgent 7.4.0 through 7.4.1 may allow attacker to escalation of privilege via <insert attack vector here>
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-923 - Escalation of privilege
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiSIEMWindowsAgent Affected: 7.4.0 , ≤ 7.4.1 (semver)
        cpe:2.3:a:fortinet:fortisiemwindowsagent:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiemwindowsagent:7.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59841",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T15:50:33.791638Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T15:50:40.449Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortisiemwindowsagent:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiemwindowsagent:7.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiSIEMWindowsAgent",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.1",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A improper restriction of communication channel to intended endpoints vulnerability in Fortinet FortiSIEMWindowsAgent 7.4.0 through 7.4.1 may allow attacker to escalation of privilege via \u003cinsert attack vector here\u003e"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-923",
                  "description": "Escalation of privilege",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T15:15:08.048Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-155",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-155"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiSIEMWindowsAgent version 7.4.2 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-59841",
        "datePublished": "2026-07-14T15:15:08.048Z",
        "dateReserved": "2026-07-07T15:21:38.323Z",
        "dateUpdated": "2026-07-14T15:50:40.449Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59840 (GCVE-0-2026-59840)

    Vulnerability from nvd – Published: 2026-07-14 15:19 – Updated: 2026-07-14 16:02
    VLAI
    Summary
    A buffer over-read vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiProxy 7.6.0 through 7.6.5, FortiProxy 7.4.0 through 7.4.13, FortiProxy 7.2 all versions may allow attacker to information disclosure via <insert attack vector here>
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiOS Affected: 7.6.0 , ≤ 7.6.2 (semver)
    Affected: 7.4.0 , ≤ 7.4.8 (semver)
    Affected: 7.2.0 , ≤ 7.2.13 (semver)
    Affected: 7.0.0 , ≤ 7.0.19 (semver)
    Affected: 6.4.0 , ≤ 6.4.16 (semver)
        cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiPAM Affected: 1.7.0
    Affected: 1.6.0 , ≤ 1.6.2 (semver)
    Affected: 1.5.0 , ≤ 1.5.1 (semver)
    Affected: 1.4.0 , ≤ 1.4.3 (semver)
    Affected: 1.3.0 , ≤ 1.3.1 (semver)
    Affected: 1.2.0
    Affected: 1.1.0 , ≤ 1.1.2 (semver)
    Affected: 1.0.0 , ≤ 1.0.3 (semver)
        cpe:2.3:o:fortinet:fortipam:1.7.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiSwitchManager Affected: 7.2.0 , ≤ 7.2.7 (semver)
    Affected: 7.0.0 , ≤ 7.0.6 (semver)
        cpe:2.3:a:fortinet:fortiswitchmanager:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiProxy Affected: 7.6.0 , ≤ 7.6.5 (semver)
    Affected: 7.4.0 , ≤ 7.4.13 (semver)
    Affected: 7.2.0 , ≤ 7.2.16 (semver)
    Affected: 7.0.0 , ≤ 7.0.23 (semver)
        cpe:2.3:a:fortinet:fortiproxy:7.6.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.16:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.15:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59840",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T15:57:19.678421Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T16:02:38.145Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiOS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.2",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.8",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.13",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.19",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.16",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortipam:1.7.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiPAM",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.7.0"
                },
                {
                  "lessThanOrEqual": "1.6.2",
                  "status": "affected",
                  "version": "1.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.5.1",
                  "status": "affected",
                  "version": "1.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.4.3",
                  "status": "affected",
                  "version": "1.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.3.1",
                  "status": "affected",
                  "version": "1.3.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "1.2.0"
                },
                {
                  "lessThanOrEqual": "1.1.2",
                  "status": "affected",
                  "version": "1.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.0.3",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiSwitchManager",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.2.7",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.6",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiproxy:7.6.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.16:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiProxy",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.5",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.13",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.16",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.23",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A buffer over-read vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiProxy 7.6.0 through 7.6.5, FortiProxy 7.4.0 through 7.4.13, FortiProxy 7.2 all versions may allow attacker to information disclosure via \u003cinsert attack vector here\u003e"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-126",
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T15:19:51.309Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-154",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-154"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiOS version 7.6.4 or above\nUpgrade to FortiOS version 7.4.9 or above\nFortinet remediated this issue in FortiSASE version 25.4.b and hence customers do not need to perform any action.\nUpgrade to FortiProxy version 7.6.6 or above\nUpgrade to FortiProxy version 7.4.14 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-59840",
        "datePublished": "2026-07-14T15:19:51.309Z",
        "dateReserved": "2026-07-07T15:21:36.593Z",
        "dateUpdated": "2026-07-14T16:02:38.145Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59839 (GCVE-0-2026-59839)

    Vulnerability from nvd – Published: 2026-07-14 15:19 – Updated: 2026-07-14 16:02
    VLAI
    Summary
    A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiOS 7.6.0 through 7.6.6, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.8.0, FortiPAM 1.7.0 through 1.7.2, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.6.0 through 7.6.5, FortiProxy 7.4 through 7.4.13, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions may allow attacker to execute unauthorized code or commands via <insert attack vector here>
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiProxy Affected: 7.6.0 , ≤ 7.6.5 (semver)
    Affected: 7.4.0 , ≤ 7.4.13 (semver)
    Affected: 7.2.0 , ≤ 7.2.16 (semver)
    Affected: 7.0.0 , ≤ 7.0.23 (semver)
        cpe:2.3:a:fortinet:fortiproxy:7.6.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.16:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.15:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiOS Affected: 7.6.0 , ≤ 7.6.6 (semver)
    Affected: 7.4.0 , ≤ 7.4.9 (semver)
    Affected: 7.2.0 , ≤ 7.2.13 (semver)
    Affected: 7.0.0 , ≤ 7.0.19 (semver)
    Affected: 6.4.0 , ≤ 6.4.16 (semver)
        cpe:2.3:o:fortinet:fortios:7.6.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiPAM Affected: 1.8.0
    Affected: 1.7.0 , ≤ 1.7.2 (semver)
    Affected: 1.6.0 , ≤ 1.6.2 (semver)
    Affected: 1.5.0 , ≤ 1.5.1 (semver)
    Affected: 1.4.0 , ≤ 1.4.3 (semver)
    Affected: 1.3.0 , ≤ 1.3.1 (semver)
    Affected: 1.2.0
    Affected: 1.1.0 , ≤ 1.1.2 (semver)
    Affected: 1.0.0 , ≤ 1.0.3 (semver)
        cpe:2.3:o:fortinet:fortipam:1.8.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.7.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.7.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.7.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59839",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T16:02:03.651467Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T16:02:10.053Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiproxy:7.6.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.16:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiProxy",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.5",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.13",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.16",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.23",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortios:7.6.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiOS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.6",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.9",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.13",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.19",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.16",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortipam:1.8.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.7.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.7.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.7.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiPAM",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.8.0"
                },
                {
                  "lessThanOrEqual": "1.7.2",
                  "status": "affected",
                  "version": "1.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.6.2",
                  "status": "affected",
                  "version": "1.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.5.1",
                  "status": "affected",
                  "version": "1.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.4.3",
                  "status": "affected",
                  "version": "1.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.3.1",
                  "status": "affected",
                  "version": "1.3.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "1.2.0"
                },
                {
                  "lessThanOrEqual": "1.1.2",
                  "status": "affected",
                  "version": "1.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.0.3",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A improper limitation of a pathname to a restricted directory (\u0027path traversal\u0027) vulnerability in Fortinet FortiOS 7.6.0 through 7.6.6, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.8.0, FortiPAM 1.7.0 through 1.7.2, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.6.0 through 7.6.5, FortiProxy 7.4 through 7.4.13, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions may allow attacker to execute unauthorized code or commands via \u003cinsert attack vector here\u003e"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T15:19:46.961Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-151",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-151"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiProxy version 7.6.6 or above\nUpgrade to FortiOS version 8.0.0 or above\nUpgrade to FortiOS version 7.6.7 or above\nUpgrade to FortiOS version 7.4.10 or above\nFortinet remediated this issue in FortiSASE version 26.1.1 and hence customers do not need to perform any action.\nUpgrade to FortiPAM version 1.9.0 or above\nUpgrade to FortiPAM version 1.8.1 or above\nUpgrade to FortiSwitchManager version 7.2.8 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-59839",
        "datePublished": "2026-07-14T15:19:46.961Z",
        "dateReserved": "2026-07-07T15:21:31.715Z",
        "dateUpdated": "2026-07-14T16:02:10.053Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59837 (GCVE-0-2026-59837)

    Vulnerability from nvd – Published: 2026-07-14 15:06 – Updated: 2026-07-14 15:50
    VLAI
    Summary
    A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2 all versions, FortiPAM 1.8.0 through 1.8.2, FortiPAM 1.7 all versions, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 through 7.4.13, FortiProxy 7.2 all versions may allow a privileged authenticated attacker who can bypass stack protection and ASLR to execute arbitrary code or commands via crafted HTTP requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiPAM Affected: 1.8.0 , ≤ 1.8.2 (semver)
    Affected: 1.7.0 , ≤ 1.7.2 (semver)
    Affected: 1.6.0 , ≤ 1.6.2 (semver)
    Affected: 1.5.0 , ≤ 1.5.1 (semver)
    Affected: 1.4.0 , ≤ 1.4.3 (semver)
    Affected: 1.3.0 , ≤ 1.3.1 (semver)
    Affected: 1.2.0
    Affected: 1.1.0 , ≤ 1.1.2 (semver)
    Affected: 1.0.0 , ≤ 1.0.3 (semver)
        cpe:2.3:o:fortinet:fortipam:1.8.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.8.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.8.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.7.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.7.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.7.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiSASE Affected: 26.1.1 , ≤ 26.1.2 (semver)
        cpe:2.3:a:fortinet:fortisase:26.1.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisase:26.1.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiProxy Affected: 7.4.0 , ≤ 7.4.13 (semver)
    Affected: 7.2.0 , ≤ 7.2.16 (semver)
        cpe:2.3:a:fortinet:fortiproxy:7.4.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.16:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.15:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiOS Affected: 7.4.0 , ≤ 7.4.1 (semver)
    Affected: 7.2.0 , ≤ 7.2.13 (semver)
    Affected: 7.0.0 , ≤ 7.0.19 (semver)
    Affected: 6.4.0 , ≤ 6.4.16 (semver)
        cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59837",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T15:50:08.862887Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T15:50:14.760Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortipam:1.8.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.8.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.8.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.7.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.7.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.7.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiPAM",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "1.8.2",
                  "status": "affected",
                  "version": "1.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.7.2",
                  "status": "affected",
                  "version": "1.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.6.2",
                  "status": "affected",
                  "version": "1.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.5.1",
                  "status": "affected",
                  "version": "1.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.4.3",
                  "status": "affected",
                  "version": "1.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.3.1",
                  "status": "affected",
                  "version": "1.3.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "1.2.0"
                },
                {
                  "lessThanOrEqual": "1.1.2",
                  "status": "affected",
                  "version": "1.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.0.3",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortisase:26.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisase:26.1.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiSASE",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "26.1.2",
                  "status": "affected",
                  "version": "26.1.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiproxy:7.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.16:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiProxy",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.13",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.16",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiOS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.1",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.13",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.19",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.16",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2 all versions, FortiPAM 1.8.0 through 1.8.2, FortiPAM 1.7 all versions, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 through 7.4.13, FortiProxy 7.2 all versions may allow a privileged authenticated attacker who can bypass stack protection and ASLR to execute arbitrary code or commands via crafted HTTP requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T15:06:31.443Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-148",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-148"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiOS version 8.0.0 or above\nUpgrade to FortiOS version 7.6.0 or above\nUpgrade to FortiOS version 7.4.2 or above\nUpgrade to FortiPAM version 1.9.0 or above\nUpgrade to FortiPAM version 1.8.3 or above\nUpgrade to FortiProxy version 7.6.0 or above\nUpgrade to FortiProxy version 7.4.14 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-59837",
        "datePublished": "2026-07-14T15:06:31.443Z",
        "dateReserved": "2026-07-07T15:21:27.537Z",
        "dateUpdated": "2026-07-14T15:50:14.760Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59836 (GCVE-0-2026-59836)

    Vulnerability from nvd – Published: 2026-07-14 15:15 – Updated: 2026-07-14 16:03
    VLAI
    Summary
    A improper certificate validation vulnerability in Fortinet FortiClientEMS 7.4.3 through 7.4.5, FortiClientEMS 7.4.0 through 7.4.1, FortiClientEMS 7.2 all versions may allow attacker to information disclosure via <insert attack vector here>
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiClientEMS Affected: 7.4.3 , ≤ 7.4.5 (semver)
    Affected: 7.4.0 , ≤ 7.4.1 (semver)
    Affected: 7.2.12 , ≤ 7.2.14 (semver)
    Affected: 7.2.0 , ≤ 7.2.10 (semver)
        cpe:2.3:a:fortinet:forticlientems:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.2.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.2.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59836",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T16:02:57.250970Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T16:03:03.056Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:forticlientems:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiClientEMS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.5",
                  "status": "affected",
                  "version": "7.4.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.1",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.14",
                  "status": "affected",
                  "version": "7.2.12",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.10",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A improper certificate validation vulnerability in Fortinet FortiClientEMS 7.4.3 through 7.4.5, FortiClientEMS 7.4.0 through 7.4.1, FortiClientEMS 7.2 all versions may allow attacker to information disclosure via \u003cinsert attack vector here\u003e"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T15:15:08.063Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-147",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-147"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to upcoming  FortiClientEMS version 8.0.0 or above\nUpgrade to FortiClientEMS version 7.4.6 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-59836",
        "datePublished": "2026-07-14T15:15:08.063Z",
        "dateReserved": "2026-07-07T15:21:26.614Z",
        "dateUpdated": "2026-07-14T16:03:03.056Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59835 (GCVE-0-2026-59835)

    Vulnerability from nvd – Published: 2026-07-14 15:12 – Updated: 2026-07-14 15:55
    VLAI
    Summary
    A exposure of resource to wrong sphere vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.3 through 4.4.8 may allow an unauthenticated attacker to access the VNC server of VMs performing scanning via network requests.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiSandbox Affected: 5.0.0 , ≤ 5.0.2 (semver)
    Affected: 4.4.3 , ≤ 4.4.8 (semver)
        cpe:2.3:a:fortinet:fortisandbox:5.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59835",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T15:55:18.212803Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T15:55:23.469Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortisandbox:5.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiSandbox",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.2",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.4.8",
                  "status": "affected",
                  "version": "4.4.3",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A exposure of resource to wrong sphere vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.3 through 4.4.8 may allow an unauthenticated attacker to access the VNC server of VMs performing scanning via network requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-668",
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T15:12:20.855Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-145",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-145"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiSandbox version 5.0.3 or above\nUpgrade to FortiSandbox version 4.4.9 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-59835",
        "datePublished": "2026-07-14T15:12:20.855Z",
        "dateReserved": "2026-07-07T15:21:25.057Z",
        "dateUpdated": "2026-07-14T15:55:23.469Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-23573 (GCVE-0-2026-23573)

    Vulnerability from nvd – Published: 2026-07-14 15:19 – Updated: 2026-07-14 16:02
    VLAI
    Summary
    An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.6, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiPAM 1.8.0, FortiPAM 1.7 all versions, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 through 7.4.3, FortiProxy 7.2.0 through 7.2.9 may allow an authenticated remote user to execute code or commands via crafted requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiOS Affected: 7.6.0 , ≤ 7.6.6 (semver)
    Affected: 7.4.0 , ≤ 7.4.12 (semver)
    Affected: 7.2.0 , ≤ 7.2.13 (semver)
    Affected: 7.0.0 , ≤ 7.0.19 (semver)
    Affected: 6.4.0 , ≤ 6.4.16 (semver)
        cpe:2.3:o:fortinet:fortios:7.6.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiProxy Affected: 7.4.0 , ≤ 7.4.3 (semver)
    Affected: 7.2.0 , ≤ 7.2.9 (semver)
    Affected: 7.0.0 , ≤ 7.0.16 (semver)
        cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiPAM Affected: 1.8.0
    Affected: 1.7.0 , ≤ 1.7.2 (semver)
    Affected: 1.6.0 , ≤ 1.6.2 (semver)
    Affected: 1.5.0 , ≤ 1.5.1 (semver)
    Affected: 1.4.0 , ≤ 1.4.3 (semver)
    Affected: 1.3.0 , ≤ 1.3.1 (semver)
    Affected: 1.2.0
    Affected: 1.1.0 , ≤ 1.1.2 (semver)
    Affected: 1.0.0 , ≤ 1.0.3 (semver)
        cpe:2.3:o:fortinet:fortipam:1.8.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.7.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.7.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.7.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-23573",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T15:57:48.078417Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T16:02:17.037Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortios:7.6.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiOS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.6",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.12",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.13",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.19",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.16",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiProxy",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.3",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.9",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.16",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortipam:1.8.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.7.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.7.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.7.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiPAM",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.8.0"
                },
                {
                  "lessThanOrEqual": "1.7.2",
                  "status": "affected",
                  "version": "1.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.6.2",
                  "status": "affected",
                  "version": "1.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.5.1",
                  "status": "affected",
                  "version": "1.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.4.3",
                  "status": "affected",
                  "version": "1.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.3.1",
                  "status": "affected",
                  "version": "1.3.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "1.2.0"
                },
                {
                  "lessThanOrEqual": "1.1.2",
                  "status": "affected",
                  "version": "1.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.0.3",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability [CWE-79] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.6, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiPAM 1.8.0, FortiPAM 1.7 all versions, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 through 7.4.3, FortiProxy 7.2.0 through 7.2.9 may allow an authenticated remote user to execute code or commands via crafted requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T15:19:47.183Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-150",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-150"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiOS version 8.0.0 or above\nUpgrade to FortiOS version 7.6.7 or above\nUpgrade to FortiProxy version 7.4.4 or above\nUpgrade to FortiProxy version 7.2.10 or above\nUpgrade to FortiProxy version 7.0.17 or above\nUpgrade to FortiPAM version 1.9.0 or above\nUpgrade to FortiPAM version 1.8.1 or above\nFortinet remediated this issue in FortiSASE version 26.1.1 and hence customers do not need to perform any action.\nUpgrade to FortiSwitchManager version 7.2.5 or above\nUpgrade to FortiSwitchManager version 7.0.3 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-23573",
        "datePublished": "2026-07-14T15:19:47.183Z",
        "dateReserved": "2026-01-14T14:46:20.539Z",
        "dateUpdated": "2026-07-14T16:02:17.037Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-62826 (GCVE-0-2025-62826)

    Vulnerability from nvd – Published: 2026-07-14 15:19 – Updated: 2026-07-14 16:02
    VLAI
    Summary
    An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability [CWE-113] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions may allow an attacker able to intercept and modify a user's captive portal authentication request to inject arbitrary headers via crafted HTTP requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-113 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiPAM Affected: 1.7.0
    Affected: 1.6.0 , ≤ 1.6.2 (semver)
    Affected: 1.5.0 , ≤ 1.5.1 (semver)
    Affected: 1.4.0 , ≤ 1.4.3 (semver)
    Affected: 1.3.0 , ≤ 1.3.1 (semver)
    Affected: 1.2.0
    Affected: 1.1.0 , ≤ 1.1.2 (semver)
    Affected: 1.0.0 , ≤ 1.0.3 (semver)
        cpe:2.3:o:fortinet:fortipam:1.7.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiProxy Affected: 7.6.0 , ≤ 7.6.4 (semver)
    Affected: 7.4.0 , ≤ 7.4.14 (semver)
    Affected: 7.2.0 , ≤ 7.2.16 (semver)
    Affected: 7.0.0 , ≤ 7.0.23 (semver)
        cpe:2.3:a:fortinet:fortiproxy:7.6.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.16:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.15:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiOS Affected: 7.6.0 , ≤ 7.6.2 (semver)
    Affected: 7.4.0 , ≤ 7.4.8 (semver)
    Affected: 7.2.0 , ≤ 7.2.13 (semver)
    Affected: 7.0.0 , ≤ 7.0.19 (semver)
    Affected: 6.4.0 , ≤ 6.4.16 (semver)
        cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-62826",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T16:02:21.507604Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T16:02:27.387Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortipam:1.7.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiPAM",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.7.0"
                },
                {
                  "lessThanOrEqual": "1.6.2",
                  "status": "affected",
                  "version": "1.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.5.1",
                  "status": "affected",
                  "version": "1.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.4.3",
                  "status": "affected",
                  "version": "1.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.3.1",
                  "status": "affected",
                  "version": "1.3.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "1.2.0"
                },
                {
                  "lessThanOrEqual": "1.1.2",
                  "status": "affected",
                  "version": "1.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.0.3",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiproxy:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.16:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiProxy",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.4",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.14",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.16",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.23",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiOS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.2",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.8",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.13",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.19",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.16",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Response Splitting\u0027) vulnerability [CWE-113] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions may allow an attacker able to intercept and modify a user\u0027s captive portal authentication request to inject arbitrary headers via crafted HTTP requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-113",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T15:19:46.918Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-153",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-153"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiProxy version 7.6.5 or above\nUpgrade to upcoming  FortiOS version 8.0.0 or above\nUpgrade to FortiOS version 7.6.5 or above\nFortinet remediated this issue in FortiSASE version 25.4.b and hence customers do not need to perform any action.\nFortinet remediated this issue in FortiSASE version 25.4.a and hence customers do not need to perform any action."
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-62826",
        "datePublished": "2026-07-14T15:19:46.918Z",
        "dateReserved": "2025-10-23T11:55:45.919Z",
        "dateUpdated": "2026-07-14T16:02:27.387Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-62675 (GCVE-0-2025-62675)

    Vulnerability from nvd – Published: 2026-07-14 15:15 – Updated: 2026-07-14 16:02
    VLAI
    Summary
    An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability [CWE-113] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions may allow an attacker in possession of a valid web filter override token to inject arbitrary headers via tricking a user into clicking on a crafted link.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-113 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiOS Affected: 7.6.0 , ≤ 7.6.4 (semver)
    Affected: 7.4.0 , ≤ 7.4.12 (semver)
    Affected: 7.2.0 , ≤ 7.2.13 (semver)
    Affected: 7.0.0 , ≤ 7.0.19 (semver)
    Affected: 6.4.0 , ≤ 6.4.16 (semver)
        cpe:2.3:o:fortinet:fortios:7.6.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiPAM Affected: 1.7.0
    Affected: 1.6.0 , ≤ 1.6.2 (semver)
    Affected: 1.5.0 , ≤ 1.5.1 (semver)
    Affected: 1.4.0 , ≤ 1.4.3 (semver)
    Affected: 1.3.0 , ≤ 1.3.1 (semver)
    Affected: 1.2.0
    Affected: 1.1.0 , ≤ 1.1.2 (semver)
    Affected: 1.0.0 , ≤ 1.0.3 (semver)
        cpe:2.3:o:fortinet:fortipam:1.7.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiProxy Affected: 7.6.0 , ≤ 7.6.4 (semver)
    Affected: 7.4.0 , ≤ 7.4.14 (semver)
    Affected: 7.2.0 , ≤ 7.2.16 (semver)
    Affected: 7.0.0 , ≤ 7.0.23 (semver)
        cpe:2.3:a:fortinet:fortiproxy:7.6.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.16:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.15:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-62675",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T16:02:37.813993Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T16:02:45.423Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortios:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiOS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.4",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.12",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.13",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.19",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.16",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortipam:1.7.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiPAM",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.7.0"
                },
                {
                  "lessThanOrEqual": "1.6.2",
                  "status": "affected",
                  "version": "1.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.5.1",
                  "status": "affected",
                  "version": "1.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.4.3",
                  "status": "affected",
                  "version": "1.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.3.1",
                  "status": "affected",
                  "version": "1.3.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "1.2.0"
                },
                {
                  "lessThanOrEqual": "1.1.2",
                  "status": "affected",
                  "version": "1.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.0.3",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiproxy:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.16:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiProxy",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.4",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.14",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.16",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.23",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Response Splitting\u0027) vulnerability [CWE-113] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions may allow an attacker in possession of a valid web filter override token to inject arbitrary headers via tricking a user into clicking on a crafted link."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.4,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-113",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T15:15:12.695Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-152",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-152"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Fortinet remediated this issue in FortiSASE version 25.4.b and hence customers do not need to perform any action.\nUpgrade to FortiProxy version 7.6.5 or above\nUpgrade to FortiOS version 8.0.0 or above\nUpgrade to FortiOS version 7.6.5 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-62675",
        "datePublished": "2026-07-14T15:15:12.695Z",
        "dateReserved": "2025-10-20T08:07:37.650Z",
        "dateUpdated": "2026-07-14T16:02:45.423Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-53379 (GCVE-0-2025-53379)

    Vulnerability from nvd – Published: 2026-07-14 15:13 – Updated: 2026-07-14 15:56
    VLAI
    Summary
    A out-of-bounds read vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.2, FortiAuthenticator 6.5 all versions may allow a remote unauthenticated attacker to retrieve sensitive information via a specially crafted request.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiAuthenticator Affected: 6.6.0 , ≤ 6.6.2 (semver)
    Affected: 6.5.0 , ≤ 6.5.7 (semver)
    Affected: 6.4.0 , ≤ 6.4.11 (semver)
    Affected: 6.3.0 , ≤ 6.3.5 (semver)
        cpe:2.3:a:fortinet:fortiauthenticator:6.6.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.5.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.5.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.5.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.5.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.5.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.5.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.5.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.5.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.3.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.3.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.3.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.3.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.3.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.3.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53379",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T15:55:57.538368Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T15:56:07.256Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiauthenticator:6.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.5.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.5.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.5.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.5.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.5.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.5.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.5.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.3.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.3.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.3.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.3.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.3.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.3.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiAuthenticator",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "6.6.2",
                  "status": "affected",
                  "version": "6.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.5.7",
                  "status": "affected",
                  "version": "6.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.11",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.3.5",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A out-of-bounds read vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.2, FortiAuthenticator 6.5 all versions may allow a remote unauthenticated attacker to retrieve sensitive information via a specially crafted request."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T15:13:02.254Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-146",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-146"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiAuthenticator version 6.6.3 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-53379",
        "datePublished": "2026-07-14T15:13:02.254Z",
        "dateReserved": "2025-06-27T15:44:12.816Z",
        "dateUpdated": "2026-07-14T15:56:07.256Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-43892 (GCVE-0-2025-43892)

    Vulnerability from nvd – Published: 2026-07-14 15:19 – Updated: 2026-07-14 16:02
    VLAI
    Summary
    A buffer over-read vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions may allow an authenticated remote attacker to return a portion of device memory in the redirect response via submitting a specially crafted request.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiOS Affected: 7.4.0 , ≤ 7.4.3 (semver)
    Affected: 7.2.0 , ≤ 7.2.13 (semver)
    Affected: 7.0.0 , ≤ 7.0.19 (semver)
        cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-43892",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T15:57:30.990330Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T16:02:29.209Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiOS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.3",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.13",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.19",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A buffer over-read vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions may allow an authenticated remote attacker to return a portion of device memory in the redirect response via submitting a specially crafted request."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-126",
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T15:19:51.080Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/#5944",
              "url": "https://fortiguard.fortinet.com/psirt/#5944"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiOS version 7.6.4 or above\nUpgrade to FortiOS version 7.4.9 or above\nFortinet remediated this issue in FortiSASE version 25.4.b and hence customers do not need to perform any action.\nUpgrade to FortiProxy version 7.6.6 or above\nUpgrade to FortiProxy version 7.4.14 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-43892",
        "datePublished": "2026-07-14T15:19:51.080Z",
        "dateReserved": "2025-04-18T14:46:53.847Z",
        "dateUpdated": "2026-07-14T16:02:29.209Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-49938 (GCVE-0-2026-49938)

    Vulnerability from nvd – Published: 2026-06-09 14:27 – Updated: 2026-07-08 12:54
    VLAI
    Summary
    A improper access control vulnerability in Fortinet FortiPortal 7.4.0 through 7.4.7, FortiPortal 7.2.0 through 7.2.8, FortiPortal 7.0 all versions may allow attacker to improper access control via <insert attack vector here>
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper access control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiPortal Affected: 7.4.0 , ≤ 7.4.7 (semver)
    Affected: 7.2.0 , ≤ 7.2.8 (semver)
    Affected: 7.0.0 , ≤ 7.0.14 (semver)
        cpe:2.3:a:fortinet:fortiportal:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-49938",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-09T15:36:51.644752Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-09T15:36:59.170Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiportal:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiPortal",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.7",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.8",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.14",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A improper access control vulnerability in Fortinet FortiPortal 7.4.0 through 7.4.7, FortiPortal 7.2.0 through 7.2.8, FortiPortal 7.0 all versions may allow attacker to improper access control via \u003cinsert attack vector here\u003e"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper access control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T12:54:11.690Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-140",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-140"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiPortal version 7.4.8 or above\nUpgrade to upcoming  FortiPortal version 7.2.9 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-49938",
        "datePublished": "2026-06-09T14:27:42.914Z",
        "dateReserved": "2026-06-02T15:05:18.629Z",
        "dateUpdated": "2026-07-08T12:54:11.690Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-25089 (GCVE-0-2026-25089)

    Vulnerability from nvd – Published: 2026-06-09 14:27 – Updated: 2026-06-10 13:35
    VLAI
    Summary
    A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may allow an unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP requests
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiSandbox Affected: 5.0.0 , ≤ 5.0.5 (semver)
    Affected: 4.4.0 , ≤ 4.4.8 (semver)
    Affected: 4.2.1 , ≤ 4.2.8 (semver)
        cpe:2.3:a:fortinet:fortisandbox:5.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:5.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:5.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:5.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiSandbox Cloud Affected: 5.0.4 , ≤ 5.0.5 (semver)
        cpe:2.3:a:fortinet:fortisandboxcloud:5.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxcloud:5.0.4:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiSandbox PaaS Affected: 5.0.4 , ≤ 5.0.5 (semver)
        cpe:2.3:a:fortinet:fortisandboxpaas:5.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxpaas:5.0.4:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-25089",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T03:58:38.447554Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T13:35:01.375Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortisandbox:5.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:5.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:5.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:5.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiSandbox",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.5",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.4.8",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.2.8",
                  "status": "affected",
                  "version": "4.2.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortisandboxcloud:5.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxcloud:5.0.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiSandbox Cloud",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.5",
                  "status": "affected",
                  "version": "5.0.4",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortisandboxpaas:5.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxpaas:5.0.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiSandbox PaaS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.5",
                  "status": "affected",
                  "version": "5.0.4",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A improper neutralization of special elements used in an os command (\u0027os command injection\u0027) vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may allow an unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP requests"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T14:27:47.492Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-141",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-141"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to upcoming  FortiSandbox version 5.2.0 or above\nUpgrade to FortiSandbox version 5.0.6 or above\nUpgrade to FortiSandbox version 4.4.9 or above\nUpgrade to upcoming  FortiSandbox PaaS version 5.2.0 or above\nUpgrade to FortiSandbox PaaS version 5.0.6 or above\nFortinet remediated this issue in FortiSandbox Cloud version 5.2.0 (not released) and hence customers do not need to perform any action.\nFortinet remediated this issue in FortiSandbox Cloud version 5.0.6 (not released) and hence customers do not need to perform any action."
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-25089",
        "datePublished": "2026-06-09T14:27:47.492Z",
        "dateReserved": "2026-01-29T09:27:29.820Z",
        "dateUpdated": "2026-06-10T13:35:01.375Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-67862 (GCVE-0-2025-67862)

    Vulnerability from nvd – Published: 2026-06-09 14:27 – Updated: 2026-07-14 12:43
    VLAI
    Summary
    An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability [CWE-1244] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0 all versions may allow an authenticated admin to execute lua scripts via crafted CLI commands.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1244 - Execute unauthorized code or commands
    Assigner
    Impacted products
    Vendor Product Version
    Fortinet FortiOS Affected: 7.6.0 , ≤ 7.6.1 (semver)
    Affected: 7.4.0 , ≤ 7.4.6 (semver)
    Affected: 7.2.0 , ≤ 7.2.10 (semver)
    Affected: 7.0.0 , ≤ 7.0.16 (semver)
    Affected: 6.4.0 , ≤ 6.4.16 (semver)
        cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiProxy Affected: 7.6.0 , ≤ 7.6.3 (semver)
    Affected: 7.4.0 , ≤ 7.4.10 (semver)
    Affected: 7.2.0 , ≤ 7.2.14 (semver)
    Affected: 7.0.0 , ≤ 7.0.23 (semver)
        cpe:2.3:a:fortinet:fortiproxy:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Siemens RUGGEDCOM APE1808 Affected: 0 , < * (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-67862",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-09T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T03:58:56.818Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM APE1808",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T12:43:47.225Z",
              "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
              "shortName": "siemens-SADP"
            },
            "references": [
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-864900.html"
              }
            ],
            "x_adpType": "supplier"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiOS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.1",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.6",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.10",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.16",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.16",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiproxy:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiProxy",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.3",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.10",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.14",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.23",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability [CWE-1244] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0 all versions may allow an authenticated admin to execute lua scripts via crafted CLI commands."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1244",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T14:27:50.485Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-143",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-143"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiOS version 7.6.3 or above\nUpgrade to FortiOS version 7.4.8 or above\nUpgrade to FortiOS version 7.2.11 or above\nUpgrade to FortiOS version 7.0.17 or above\nUpgrade to FortiProxy version 7.6.4 or above\nUpgrade to FortiProxy version 7.4.11 or above\nUpgrade to FortiProxy version 7.2.15 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-67862",
        "datePublished": "2026-06-09T14:27:50.485Z",
        "dateReserved": "2025-12-12T15:39:26.251Z",
        "dateUpdated": "2026-07-14T12:43:47.225Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59840 (GCVE-0-2026-59840)

    Vulnerability from cvelistv5 – Published: 2026-07-14 15:19 – Updated: 2026-07-14 16:02
    VLAI
    Summary
    A buffer over-read vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiProxy 7.6.0 through 7.6.5, FortiProxy 7.4.0 through 7.4.13, FortiProxy 7.2 all versions may allow attacker to information disclosure via <insert attack vector here>
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiOS Affected: 7.6.0 , ≤ 7.6.2 (semver)
    Affected: 7.4.0 , ≤ 7.4.8 (semver)
    Affected: 7.2.0 , ≤ 7.2.13 (semver)
    Affected: 7.0.0 , ≤ 7.0.19 (semver)
    Affected: 6.4.0 , ≤ 6.4.16 (semver)
        cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiPAM Affected: 1.7.0
    Affected: 1.6.0 , ≤ 1.6.2 (semver)
    Affected: 1.5.0 , ≤ 1.5.1 (semver)
    Affected: 1.4.0 , ≤ 1.4.3 (semver)
    Affected: 1.3.0 , ≤ 1.3.1 (semver)
    Affected: 1.2.0
    Affected: 1.1.0 , ≤ 1.1.2 (semver)
    Affected: 1.0.0 , ≤ 1.0.3 (semver)
        cpe:2.3:o:fortinet:fortipam:1.7.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiSwitchManager Affected: 7.2.0 , ≤ 7.2.7 (semver)
    Affected: 7.0.0 , ≤ 7.0.6 (semver)
        cpe:2.3:a:fortinet:fortiswitchmanager:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiProxy Affected: 7.6.0 , ≤ 7.6.5 (semver)
    Affected: 7.4.0 , ≤ 7.4.13 (semver)
    Affected: 7.2.0 , ≤ 7.2.16 (semver)
    Affected: 7.0.0 , ≤ 7.0.23 (semver)
        cpe:2.3:a:fortinet:fortiproxy:7.6.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.16:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.15:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59840",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T15:57:19.678421Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T16:02:38.145Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiOS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.2",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.8",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.13",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.19",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.16",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortipam:1.7.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiPAM",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.7.0"
                },
                {
                  "lessThanOrEqual": "1.6.2",
                  "status": "affected",
                  "version": "1.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.5.1",
                  "status": "affected",
                  "version": "1.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.4.3",
                  "status": "affected",
                  "version": "1.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.3.1",
                  "status": "affected",
                  "version": "1.3.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "1.2.0"
                },
                {
                  "lessThanOrEqual": "1.1.2",
                  "status": "affected",
                  "version": "1.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.0.3",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiSwitchManager",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.2.7",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.6",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiproxy:7.6.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.16:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiProxy",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.5",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.13",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.16",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.23",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A buffer over-read vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiProxy 7.6.0 through 7.6.5, FortiProxy 7.4.0 through 7.4.13, FortiProxy 7.2 all versions may allow attacker to information disclosure via \u003cinsert attack vector here\u003e"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-126",
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T15:19:51.309Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-154",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-154"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiOS version 7.6.4 or above\nUpgrade to FortiOS version 7.4.9 or above\nFortinet remediated this issue in FortiSASE version 25.4.b and hence customers do not need to perform any action.\nUpgrade to FortiProxy version 7.6.6 or above\nUpgrade to FortiProxy version 7.4.14 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-59840",
        "datePublished": "2026-07-14T15:19:51.309Z",
        "dateReserved": "2026-07-07T15:21:36.593Z",
        "dateUpdated": "2026-07-14T16:02:38.145Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-43892 (GCVE-0-2025-43892)

    Vulnerability from cvelistv5 – Published: 2026-07-14 15:19 – Updated: 2026-07-14 16:02
    VLAI
    Summary
    A buffer over-read vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions may allow an authenticated remote attacker to return a portion of device memory in the redirect response via submitting a specially crafted request.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiOS Affected: 7.4.0 , ≤ 7.4.3 (semver)
    Affected: 7.2.0 , ≤ 7.2.13 (semver)
    Affected: 7.0.0 , ≤ 7.0.19 (semver)
        cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-43892",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T15:57:30.990330Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T16:02:29.209Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiOS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.3",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.13",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.19",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A buffer over-read vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions may allow an authenticated remote attacker to return a portion of device memory in the redirect response via submitting a specially crafted request."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-126",
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T15:19:51.080Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/#5944",
              "url": "https://fortiguard.fortinet.com/psirt/#5944"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiOS version 7.6.4 or above\nUpgrade to FortiOS version 7.4.9 or above\nFortinet remediated this issue in FortiSASE version 25.4.b and hence customers do not need to perform any action.\nUpgrade to FortiProxy version 7.6.6 or above\nUpgrade to FortiProxy version 7.4.14 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-43892",
        "datePublished": "2026-07-14T15:19:51.080Z",
        "dateReserved": "2025-04-18T14:46:53.847Z",
        "dateUpdated": "2026-07-14T16:02:29.209Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-23573 (GCVE-0-2026-23573)

    Vulnerability from cvelistv5 – Published: 2026-07-14 15:19 – Updated: 2026-07-14 16:02
    VLAI
    Summary
    An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.6, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiPAM 1.8.0, FortiPAM 1.7 all versions, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 through 7.4.3, FortiProxy 7.2.0 through 7.2.9 may allow an authenticated remote user to execute code or commands via crafted requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiOS Affected: 7.6.0 , ≤ 7.6.6 (semver)
    Affected: 7.4.0 , ≤ 7.4.12 (semver)
    Affected: 7.2.0 , ≤ 7.2.13 (semver)
    Affected: 7.0.0 , ≤ 7.0.19 (semver)
    Affected: 6.4.0 , ≤ 6.4.16 (semver)
        cpe:2.3:o:fortinet:fortios:7.6.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiProxy Affected: 7.4.0 , ≤ 7.4.3 (semver)
    Affected: 7.2.0 , ≤ 7.2.9 (semver)
    Affected: 7.0.0 , ≤ 7.0.16 (semver)
        cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiPAM Affected: 1.8.0
    Affected: 1.7.0 , ≤ 1.7.2 (semver)
    Affected: 1.6.0 , ≤ 1.6.2 (semver)
    Affected: 1.5.0 , ≤ 1.5.1 (semver)
    Affected: 1.4.0 , ≤ 1.4.3 (semver)
    Affected: 1.3.0 , ≤ 1.3.1 (semver)
    Affected: 1.2.0
    Affected: 1.1.0 , ≤ 1.1.2 (semver)
    Affected: 1.0.0 , ≤ 1.0.3 (semver)
        cpe:2.3:o:fortinet:fortipam:1.8.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.7.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.7.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.7.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-23573",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T15:57:48.078417Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T16:02:17.037Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortios:7.6.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiOS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.6",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.12",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.13",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.19",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.16",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiProxy",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.3",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.9",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.16",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortipam:1.8.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.7.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.7.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.7.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiPAM",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.8.0"
                },
                {
                  "lessThanOrEqual": "1.7.2",
                  "status": "affected",
                  "version": "1.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.6.2",
                  "status": "affected",
                  "version": "1.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.5.1",
                  "status": "affected",
                  "version": "1.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.4.3",
                  "status": "affected",
                  "version": "1.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.3.1",
                  "status": "affected",
                  "version": "1.3.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "1.2.0"
                },
                {
                  "lessThanOrEqual": "1.1.2",
                  "status": "affected",
                  "version": "1.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.0.3",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability [CWE-79] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.6, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiPAM 1.8.0, FortiPAM 1.7 all versions, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 through 7.4.3, FortiProxy 7.2.0 through 7.2.9 may allow an authenticated remote user to execute code or commands via crafted requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T15:19:47.183Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-150",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-150"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiOS version 8.0.0 or above\nUpgrade to FortiOS version 7.6.7 or above\nUpgrade to FortiProxy version 7.4.4 or above\nUpgrade to FortiProxy version 7.2.10 or above\nUpgrade to FortiProxy version 7.0.17 or above\nUpgrade to FortiPAM version 1.9.0 or above\nUpgrade to FortiPAM version 1.8.1 or above\nFortinet remediated this issue in FortiSASE version 26.1.1 and hence customers do not need to perform any action.\nUpgrade to FortiSwitchManager version 7.2.5 or above\nUpgrade to FortiSwitchManager version 7.0.3 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-23573",
        "datePublished": "2026-07-14T15:19:47.183Z",
        "dateReserved": "2026-01-14T14:46:20.539Z",
        "dateUpdated": "2026-07-14T16:02:17.037Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59839 (GCVE-0-2026-59839)

    Vulnerability from cvelistv5 – Published: 2026-07-14 15:19 – Updated: 2026-07-14 16:02
    VLAI
    Summary
    A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiOS 7.6.0 through 7.6.6, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.8.0, FortiPAM 1.7.0 through 1.7.2, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.6.0 through 7.6.5, FortiProxy 7.4 through 7.4.13, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions may allow attacker to execute unauthorized code or commands via <insert attack vector here>
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiProxy Affected: 7.6.0 , ≤ 7.6.5 (semver)
    Affected: 7.4.0 , ≤ 7.4.13 (semver)
    Affected: 7.2.0 , ≤ 7.2.16 (semver)
    Affected: 7.0.0 , ≤ 7.0.23 (semver)
        cpe:2.3:a:fortinet:fortiproxy:7.6.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.16:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.15:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiOS Affected: 7.6.0 , ≤ 7.6.6 (semver)
    Affected: 7.4.0 , ≤ 7.4.9 (semver)
    Affected: 7.2.0 , ≤ 7.2.13 (semver)
    Affected: 7.0.0 , ≤ 7.0.19 (semver)
    Affected: 6.4.0 , ≤ 6.4.16 (semver)
        cpe:2.3:o:fortinet:fortios:7.6.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiPAM Affected: 1.8.0
    Affected: 1.7.0 , ≤ 1.7.2 (semver)
    Affected: 1.6.0 , ≤ 1.6.2 (semver)
    Affected: 1.5.0 , ≤ 1.5.1 (semver)
    Affected: 1.4.0 , ≤ 1.4.3 (semver)
    Affected: 1.3.0 , ≤ 1.3.1 (semver)
    Affected: 1.2.0
    Affected: 1.1.0 , ≤ 1.1.2 (semver)
    Affected: 1.0.0 , ≤ 1.0.3 (semver)
        cpe:2.3:o:fortinet:fortipam:1.8.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.7.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.7.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.7.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59839",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T16:02:03.651467Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T16:02:10.053Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiproxy:7.6.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.16:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiProxy",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.5",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.13",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.16",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.23",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortios:7.6.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiOS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.6",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.9",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.13",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.19",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.16",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortipam:1.8.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.7.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.7.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.7.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiPAM",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.8.0"
                },
                {
                  "lessThanOrEqual": "1.7.2",
                  "status": "affected",
                  "version": "1.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.6.2",
                  "status": "affected",
                  "version": "1.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.5.1",
                  "status": "affected",
                  "version": "1.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.4.3",
                  "status": "affected",
                  "version": "1.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.3.1",
                  "status": "affected",
                  "version": "1.3.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "1.2.0"
                },
                {
                  "lessThanOrEqual": "1.1.2",
                  "status": "affected",
                  "version": "1.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.0.3",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A improper limitation of a pathname to a restricted directory (\u0027path traversal\u0027) vulnerability in Fortinet FortiOS 7.6.0 through 7.6.6, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.8.0, FortiPAM 1.7.0 through 1.7.2, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.6.0 through 7.6.5, FortiProxy 7.4 through 7.4.13, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions may allow attacker to execute unauthorized code or commands via \u003cinsert attack vector here\u003e"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T15:19:46.961Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-151",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-151"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiProxy version 7.6.6 or above\nUpgrade to FortiOS version 8.0.0 or above\nUpgrade to FortiOS version 7.6.7 or above\nUpgrade to FortiOS version 7.4.10 or above\nFortinet remediated this issue in FortiSASE version 26.1.1 and hence customers do not need to perform any action.\nUpgrade to FortiPAM version 1.9.0 or above\nUpgrade to FortiPAM version 1.8.1 or above\nUpgrade to FortiSwitchManager version 7.2.8 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-59839",
        "datePublished": "2026-07-14T15:19:46.961Z",
        "dateReserved": "2026-07-07T15:21:31.715Z",
        "dateUpdated": "2026-07-14T16:02:10.053Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-62826 (GCVE-0-2025-62826)

    Vulnerability from cvelistv5 – Published: 2026-07-14 15:19 – Updated: 2026-07-14 16:02
    VLAI
    Summary
    An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability [CWE-113] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions may allow an attacker able to intercept and modify a user's captive portal authentication request to inject arbitrary headers via crafted HTTP requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-113 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiPAM Affected: 1.7.0
    Affected: 1.6.0 , ≤ 1.6.2 (semver)
    Affected: 1.5.0 , ≤ 1.5.1 (semver)
    Affected: 1.4.0 , ≤ 1.4.3 (semver)
    Affected: 1.3.0 , ≤ 1.3.1 (semver)
    Affected: 1.2.0
    Affected: 1.1.0 , ≤ 1.1.2 (semver)
    Affected: 1.0.0 , ≤ 1.0.3 (semver)
        cpe:2.3:o:fortinet:fortipam:1.7.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiProxy Affected: 7.6.0 , ≤ 7.6.4 (semver)
    Affected: 7.4.0 , ≤ 7.4.14 (semver)
    Affected: 7.2.0 , ≤ 7.2.16 (semver)
    Affected: 7.0.0 , ≤ 7.0.23 (semver)
        cpe:2.3:a:fortinet:fortiproxy:7.6.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.16:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.15:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiOS Affected: 7.6.0 , ≤ 7.6.2 (semver)
    Affected: 7.4.0 , ≤ 7.4.8 (semver)
    Affected: 7.2.0 , ≤ 7.2.13 (semver)
    Affected: 7.0.0 , ≤ 7.0.19 (semver)
    Affected: 6.4.0 , ≤ 6.4.16 (semver)
        cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-62826",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T16:02:21.507604Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T16:02:27.387Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortipam:1.7.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiPAM",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.7.0"
                },
                {
                  "lessThanOrEqual": "1.6.2",
                  "status": "affected",
                  "version": "1.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.5.1",
                  "status": "affected",
                  "version": "1.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.4.3",
                  "status": "affected",
                  "version": "1.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.3.1",
                  "status": "affected",
                  "version": "1.3.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "1.2.0"
                },
                {
                  "lessThanOrEqual": "1.1.2",
                  "status": "affected",
                  "version": "1.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.0.3",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiproxy:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.16:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiProxy",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.4",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.14",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.16",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.23",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiOS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.2",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.8",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.13",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.19",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.16",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Response Splitting\u0027) vulnerability [CWE-113] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions may allow an attacker able to intercept and modify a user\u0027s captive portal authentication request to inject arbitrary headers via crafted HTTP requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-113",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T15:19:46.918Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-153",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-153"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiProxy version 7.6.5 or above\nUpgrade to upcoming  FortiOS version 8.0.0 or above\nUpgrade to FortiOS version 7.6.5 or above\nFortinet remediated this issue in FortiSASE version 25.4.b and hence customers do not need to perform any action.\nFortinet remediated this issue in FortiSASE version 25.4.a and hence customers do not need to perform any action."
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-62826",
        "datePublished": "2026-07-14T15:19:46.918Z",
        "dateReserved": "2025-10-23T11:55:45.919Z",
        "dateUpdated": "2026-07-14T16:02:27.387Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-62675 (GCVE-0-2025-62675)

    Vulnerability from cvelistv5 – Published: 2026-07-14 15:15 – Updated: 2026-07-14 16:02
    VLAI
    Summary
    An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability [CWE-113] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions may allow an attacker in possession of a valid web filter override token to inject arbitrary headers via tricking a user into clicking on a crafted link.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-113 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiOS Affected: 7.6.0 , ≤ 7.6.4 (semver)
    Affected: 7.4.0 , ≤ 7.4.12 (semver)
    Affected: 7.2.0 , ≤ 7.2.13 (semver)
    Affected: 7.0.0 , ≤ 7.0.19 (semver)
    Affected: 6.4.0 , ≤ 6.4.16 (semver)
        cpe:2.3:o:fortinet:fortios:7.6.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiPAM Affected: 1.7.0
    Affected: 1.6.0 , ≤ 1.6.2 (semver)
    Affected: 1.5.0 , ≤ 1.5.1 (semver)
    Affected: 1.4.0 , ≤ 1.4.3 (semver)
    Affected: 1.3.0 , ≤ 1.3.1 (semver)
    Affected: 1.2.0
    Affected: 1.1.0 , ≤ 1.1.2 (semver)
    Affected: 1.0.0 , ≤ 1.0.3 (semver)
        cpe:2.3:o:fortinet:fortipam:1.7.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiProxy Affected: 7.6.0 , ≤ 7.6.4 (semver)
    Affected: 7.4.0 , ≤ 7.4.14 (semver)
    Affected: 7.2.0 , ≤ 7.2.16 (semver)
    Affected: 7.0.0 , ≤ 7.0.23 (semver)
        cpe:2.3:a:fortinet:fortiproxy:7.6.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.16:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.15:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-62675",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T16:02:37.813993Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T16:02:45.423Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortios:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiOS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.4",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.12",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.13",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.19",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.16",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortipam:1.7.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiPAM",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.7.0"
                },
                {
                  "lessThanOrEqual": "1.6.2",
                  "status": "affected",
                  "version": "1.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.5.1",
                  "status": "affected",
                  "version": "1.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.4.3",
                  "status": "affected",
                  "version": "1.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.3.1",
                  "status": "affected",
                  "version": "1.3.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "1.2.0"
                },
                {
                  "lessThanOrEqual": "1.1.2",
                  "status": "affected",
                  "version": "1.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.0.3",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiproxy:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.16:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiProxy",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.4",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.14",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.16",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.23",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Response Splitting\u0027) vulnerability [CWE-113] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions may allow an attacker in possession of a valid web filter override token to inject arbitrary headers via tricking a user into clicking on a crafted link."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.4,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-113",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T15:15:12.695Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-152",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-152"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Fortinet remediated this issue in FortiSASE version 25.4.b and hence customers do not need to perform any action.\nUpgrade to FortiProxy version 7.6.5 or above\nUpgrade to FortiOS version 8.0.0 or above\nUpgrade to FortiOS version 7.6.5 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-62675",
        "datePublished": "2026-07-14T15:15:12.695Z",
        "dateReserved": "2025-10-20T08:07:37.650Z",
        "dateUpdated": "2026-07-14T16:02:45.423Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59836 (GCVE-0-2026-59836)

    Vulnerability from cvelistv5 – Published: 2026-07-14 15:15 – Updated: 2026-07-14 16:03
    VLAI
    Summary
    A improper certificate validation vulnerability in Fortinet FortiClientEMS 7.4.3 through 7.4.5, FortiClientEMS 7.4.0 through 7.4.1, FortiClientEMS 7.2 all versions may allow attacker to information disclosure via <insert attack vector here>
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiClientEMS Affected: 7.4.3 , ≤ 7.4.5 (semver)
    Affected: 7.4.0 , ≤ 7.4.1 (semver)
    Affected: 7.2.12 , ≤ 7.2.14 (semver)
    Affected: 7.2.0 , ≤ 7.2.10 (semver)
        cpe:2.3:a:fortinet:forticlientems:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.2.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.2.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59836",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T16:02:57.250970Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T16:03:03.056Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:forticlientems:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiClientEMS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.5",
                  "status": "affected",
                  "version": "7.4.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.1",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.14",
                  "status": "affected",
                  "version": "7.2.12",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.10",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A improper certificate validation vulnerability in Fortinet FortiClientEMS 7.4.3 through 7.4.5, FortiClientEMS 7.4.0 through 7.4.1, FortiClientEMS 7.2 all versions may allow attacker to information disclosure via \u003cinsert attack vector here\u003e"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T15:15:08.063Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-147",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-147"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to upcoming  FortiClientEMS version 8.0.0 or above\nUpgrade to FortiClientEMS version 7.4.6 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-59836",
        "datePublished": "2026-07-14T15:15:08.063Z",
        "dateReserved": "2026-07-07T15:21:26.614Z",
        "dateUpdated": "2026-07-14T16:03:03.056Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59841 (GCVE-0-2026-59841)

    Vulnerability from cvelistv5 – Published: 2026-07-14 15:15 – Updated: 2026-07-14 15:50
    VLAI
    Summary
    A improper restriction of communication channel to intended endpoints vulnerability in Fortinet FortiSIEMWindowsAgent 7.4.0 through 7.4.1 may allow attacker to escalation of privilege via <insert attack vector here>
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-923 - Escalation of privilege
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiSIEMWindowsAgent Affected: 7.4.0 , ≤ 7.4.1 (semver)
        cpe:2.3:a:fortinet:fortisiemwindowsagent:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiemwindowsagent:7.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59841",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T15:50:33.791638Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T15:50:40.449Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortisiemwindowsagent:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiemwindowsagent:7.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiSIEMWindowsAgent",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.1",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A improper restriction of communication channel to intended endpoints vulnerability in Fortinet FortiSIEMWindowsAgent 7.4.0 through 7.4.1 may allow attacker to escalation of privilege via \u003cinsert attack vector here\u003e"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-923",
                  "description": "Escalation of privilege",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T15:15:08.048Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-155",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-155"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiSIEMWindowsAgent version 7.4.2 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-59841",
        "datePublished": "2026-07-14T15:15:08.048Z",
        "dateReserved": "2026-07-07T15:21:38.323Z",
        "dateUpdated": "2026-07-14T15:50:40.449Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-53379 (GCVE-0-2025-53379)

    Vulnerability from cvelistv5 – Published: 2026-07-14 15:13 – Updated: 2026-07-14 15:56
    VLAI
    Summary
    A out-of-bounds read vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.2, FortiAuthenticator 6.5 all versions may allow a remote unauthenticated attacker to retrieve sensitive information via a specially crafted request.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiAuthenticator Affected: 6.6.0 , ≤ 6.6.2 (semver)
    Affected: 6.5.0 , ≤ 6.5.7 (semver)
    Affected: 6.4.0 , ≤ 6.4.11 (semver)
    Affected: 6.3.0 , ≤ 6.3.5 (semver)
        cpe:2.3:a:fortinet:fortiauthenticator:6.6.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.5.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.5.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.5.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.5.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.5.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.5.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.5.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.5.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.3.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.3.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.3.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.3.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.3.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.3.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53379",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T15:55:57.538368Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T15:56:07.256Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiauthenticator:6.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.5.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.5.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.5.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.5.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.5.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.5.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.5.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.3.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.3.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.3.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.3.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.3.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.3.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiAuthenticator",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "6.6.2",
                  "status": "affected",
                  "version": "6.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.5.7",
                  "status": "affected",
                  "version": "6.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.11",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.3.5",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A out-of-bounds read vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.2, FortiAuthenticator 6.5 all versions may allow a remote unauthenticated attacker to retrieve sensitive information via a specially crafted request."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T15:13:02.254Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-146",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-146"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiAuthenticator version 6.6.3 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-53379",
        "datePublished": "2026-07-14T15:13:02.254Z",
        "dateReserved": "2025-06-27T15:44:12.816Z",
        "dateUpdated": "2026-07-14T15:56:07.256Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59835 (GCVE-0-2026-59835)

    Vulnerability from cvelistv5 – Published: 2026-07-14 15:12 – Updated: 2026-07-14 15:55
    VLAI
    Summary
    A exposure of resource to wrong sphere vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.3 through 4.4.8 may allow an unauthenticated attacker to access the VNC server of VMs performing scanning via network requests.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiSandbox Affected: 5.0.0 , ≤ 5.0.2 (semver)
    Affected: 4.4.3 , ≤ 4.4.8 (semver)
        cpe:2.3:a:fortinet:fortisandbox:5.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59835",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T15:55:18.212803Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T15:55:23.469Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortisandbox:5.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiSandbox",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.2",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.4.8",
                  "status": "affected",
                  "version": "4.4.3",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A exposure of resource to wrong sphere vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.3 through 4.4.8 may allow an unauthenticated attacker to access the VNC server of VMs performing scanning via network requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-668",
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T15:12:20.855Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-145",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-145"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiSandbox version 5.0.3 or above\nUpgrade to FortiSandbox version 4.4.9 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-59835",
        "datePublished": "2026-07-14T15:12:20.855Z",
        "dateReserved": "2026-07-07T15:21:25.057Z",
        "dateUpdated": "2026-07-14T15:55:23.469Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59837 (GCVE-0-2026-59837)

    Vulnerability from cvelistv5 – Published: 2026-07-14 15:06 – Updated: 2026-07-14 15:50
    VLAI
    Summary
    A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2 all versions, FortiPAM 1.8.0 through 1.8.2, FortiPAM 1.7 all versions, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 through 7.4.13, FortiProxy 7.2 all versions may allow a privileged authenticated attacker who can bypass stack protection and ASLR to execute arbitrary code or commands via crafted HTTP requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiPAM Affected: 1.8.0 , ≤ 1.8.2 (semver)
    Affected: 1.7.0 , ≤ 1.7.2 (semver)
    Affected: 1.6.0 , ≤ 1.6.2 (semver)
    Affected: 1.5.0 , ≤ 1.5.1 (semver)
    Affected: 1.4.0 , ≤ 1.4.3 (semver)
    Affected: 1.3.0 , ≤ 1.3.1 (semver)
    Affected: 1.2.0
    Affected: 1.1.0 , ≤ 1.1.2 (semver)
    Affected: 1.0.0 , ≤ 1.0.3 (semver)
        cpe:2.3:o:fortinet:fortipam:1.8.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.8.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.8.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.7.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.7.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.7.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiSASE Affected: 26.1.1 , ≤ 26.1.2 (semver)
        cpe:2.3:a:fortinet:fortisase:26.1.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisase:26.1.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiProxy Affected: 7.4.0 , ≤ 7.4.13 (semver)
    Affected: 7.2.0 , ≤ 7.2.16 (semver)
        cpe:2.3:a:fortinet:fortiproxy:7.4.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.16:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.15:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiOS Affected: 7.4.0 , ≤ 7.4.1 (semver)
    Affected: 7.2.0 , ≤ 7.2.13 (semver)
    Affected: 7.0.0 , ≤ 7.0.19 (semver)
    Affected: 6.4.0 , ≤ 6.4.16 (semver)
        cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59837",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T15:50:08.862887Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T15:50:14.760Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortipam:1.8.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.8.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.8.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.7.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.7.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.7.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiPAM",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "1.8.2",
                  "status": "affected",
                  "version": "1.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.7.2",
                  "status": "affected",
                  "version": "1.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.6.2",
                  "status": "affected",
                  "version": "1.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.5.1",
                  "status": "affected",
                  "version": "1.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.4.3",
                  "status": "affected",
                  "version": "1.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.3.1",
                  "status": "affected",
                  "version": "1.3.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "1.2.0"
                },
                {
                  "lessThanOrEqual": "1.1.2",
                  "status": "affected",
                  "version": "1.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.0.3",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortisase:26.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisase:26.1.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiSASE",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "26.1.2",
                  "status": "affected",
                  "version": "26.1.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiproxy:7.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.16:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiProxy",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.13",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.16",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiOS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.1",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.13",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.19",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.16",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2 all versions, FortiPAM 1.8.0 through 1.8.2, FortiPAM 1.7 all versions, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 through 7.4.13, FortiProxy 7.2 all versions may allow a privileged authenticated attacker who can bypass stack protection and ASLR to execute arbitrary code or commands via crafted HTTP requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T15:06:31.443Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-148",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-148"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiOS version 8.0.0 or above\nUpgrade to FortiOS version 7.6.0 or above\nUpgrade to FortiOS version 7.4.2 or above\nUpgrade to FortiPAM version 1.9.0 or above\nUpgrade to FortiPAM version 1.8.3 or above\nUpgrade to FortiProxy version 7.6.0 or above\nUpgrade to FortiProxy version 7.4.14 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-59837",
        "datePublished": "2026-07-14T15:06:31.443Z",
        "dateReserved": "2026-07-07T15:21:27.537Z",
        "dateUpdated": "2026-07-14T15:50:14.760Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-67862 (GCVE-0-2025-67862)

    Vulnerability from cvelistv5 – Published: 2026-06-09 14:27 – Updated: 2026-07-14 12:43
    VLAI
    Summary
    An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability [CWE-1244] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0 all versions may allow an authenticated admin to execute lua scripts via crafted CLI commands.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1244 - Execute unauthorized code or commands
    Assigner
    Impacted products
    Vendor Product Version
    Fortinet FortiOS Affected: 7.6.0 , ≤ 7.6.1 (semver)
    Affected: 7.4.0 , ≤ 7.4.6 (semver)
    Affected: 7.2.0 , ≤ 7.2.10 (semver)
    Affected: 7.0.0 , ≤ 7.0.16 (semver)
    Affected: 6.4.0 , ≤ 6.4.16 (semver)
        cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiProxy Affected: 7.6.0 , ≤ 7.6.3 (semver)
    Affected: 7.4.0 , ≤ 7.4.10 (semver)
    Affected: 7.2.0 , ≤ 7.2.14 (semver)
    Affected: 7.0.0 , ≤ 7.0.23 (semver)
        cpe:2.3:a:fortinet:fortiproxy:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Siemens RUGGEDCOM APE1808 Affected: 0 , < * (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-67862",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-09T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T03:58:56.818Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM APE1808",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T12:43:47.225Z",
              "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
              "shortName": "siemens-SADP"
            },
            "references": [
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-864900.html"
              }
            ],
            "x_adpType": "supplier"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiOS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.1",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.6",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.10",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.16",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.16",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiproxy:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiProxy",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.3",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.10",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.14",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.23",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability [CWE-1244] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0 all versions may allow an authenticated admin to execute lua scripts via crafted CLI commands."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1244",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T14:27:50.485Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-143",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-143"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiOS version 7.6.3 or above\nUpgrade to FortiOS version 7.4.8 or above\nUpgrade to FortiOS version 7.2.11 or above\nUpgrade to FortiOS version 7.0.17 or above\nUpgrade to FortiProxy version 7.6.4 or above\nUpgrade to FortiProxy version 7.4.11 or above\nUpgrade to FortiProxy version 7.2.15 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-67862",
        "datePublished": "2026-06-09T14:27:50.485Z",
        "dateReserved": "2025-12-12T15:39:26.251Z",
        "dateUpdated": "2026-07-14T12:43:47.225Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-25089 (GCVE-0-2026-25089)

    Vulnerability from cvelistv5 – Published: 2026-06-09 14:27 – Updated: 2026-06-10 13:35
    VLAI
    Summary
    A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may allow an unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP requests
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiSandbox Affected: 5.0.0 , ≤ 5.0.5 (semver)
    Affected: 4.4.0 , ≤ 4.4.8 (semver)
    Affected: 4.2.1 , ≤ 4.2.8 (semver)
        cpe:2.3:a:fortinet:fortisandbox:5.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:5.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:5.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:5.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiSandbox Cloud Affected: 5.0.4 , ≤ 5.0.5 (semver)
        cpe:2.3:a:fortinet:fortisandboxcloud:5.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxcloud:5.0.4:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiSandbox PaaS Affected: 5.0.4 , ≤ 5.0.5 (semver)
        cpe:2.3:a:fortinet:fortisandboxpaas:5.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxpaas:5.0.4:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-25089",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T03:58:38.447554Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T13:35:01.375Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortisandbox:5.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:5.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:5.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:5.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiSandbox",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.5",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.4.8",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.2.8",
                  "status": "affected",
                  "version": "4.2.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortisandboxcloud:5.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxcloud:5.0.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiSandbox Cloud",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.5",
                  "status": "affected",
                  "version": "5.0.4",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortisandboxpaas:5.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxpaas:5.0.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiSandbox PaaS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.5",
                  "status": "affected",
                  "version": "5.0.4",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A improper neutralization of special elements used in an os command (\u0027os command injection\u0027) vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may allow an unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP requests"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T14:27:47.492Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-141",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-141"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to upcoming  FortiSandbox version 5.2.0 or above\nUpgrade to FortiSandbox version 5.0.6 or above\nUpgrade to FortiSandbox version 4.4.9 or above\nUpgrade to upcoming  FortiSandbox PaaS version 5.2.0 or above\nUpgrade to FortiSandbox PaaS version 5.0.6 or above\nFortinet remediated this issue in FortiSandbox Cloud version 5.2.0 (not released) and hence customers do not need to perform any action.\nFortinet remediated this issue in FortiSandbox Cloud version 5.0.6 (not released) and hence customers do not need to perform any action."
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-25089",
        "datePublished": "2026-06-09T14:27:47.492Z",
        "dateReserved": "2026-01-29T09:27:29.820Z",
        "dateUpdated": "2026-06-10T13:35:01.375Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-49938 (GCVE-0-2026-49938)

    Vulnerability from cvelistv5 – Published: 2026-06-09 14:27 – Updated: 2026-07-08 12:54
    VLAI
    Summary
    A improper access control vulnerability in Fortinet FortiPortal 7.4.0 through 7.4.7, FortiPortal 7.2.0 through 7.2.8, FortiPortal 7.0 all versions may allow attacker to improper access control via <insert attack vector here>
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper access control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiPortal Affected: 7.4.0 , ≤ 7.4.7 (semver)
    Affected: 7.2.0 , ≤ 7.2.8 (semver)
    Affected: 7.0.0 , ≤ 7.0.14 (semver)
        cpe:2.3:a:fortinet:fortiportal:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-49938",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-09T15:36:51.644752Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-09T15:36:59.170Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiportal:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiPortal",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.7",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.8",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.14",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A improper access control vulnerability in Fortinet FortiPortal 7.4.0 through 7.4.7, FortiPortal 7.2.0 through 7.2.8, FortiPortal 7.0 all versions may allow attacker to improper access control via \u003cinsert attack vector here\u003e"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper access control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T12:54:11.690Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-140",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-140"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiPortal version 7.4.8 or above\nUpgrade to upcoming  FortiPortal version 7.2.9 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-49938",
        "datePublished": "2026-06-09T14:27:42.914Z",
        "dateReserved": "2026-06-02T15:05:18.629Z",
        "dateUpdated": "2026-07-08T12:54:11.690Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CERTFR-2026-AVI-0725

    Vulnerability from certfr_avis - Published: 2026-06-10 - Updated: 2026-06-10

    De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Fortinet FortiOS FortiOS versions 7.6.x antérieures à 7.6.3
    Fortinet FortiSandbox FortiSandbox Cloud versions 5.0.4 et 5.0.5 antérieures à 5.0.6
    Fortinet FortiPortal FortiPortal versions antérieures à 7.2.9
    Fortinet FortiSandbox FortiSandbox versions 5.0.x antérieures à 5.0.6
    Fortinet FortiProxy FortiProxy versions 7.2.x antérieures à 7.2.15
    Fortinet FortiSandbox FortiSandbox versions 4.4.x antérieures à 4.4.9
    Fortinet FortiPortal FortiPortal versions 7.4.x antérieures à 7.4.8
    Fortinet FortiOS FortiOS versions 7.2.x antérieures à 7.2.11
    Fortinet FortiProxy FortiProxy versions 7.4.x antérieures à 7.4.11
    Fortinet FortiSandbox FortiSandbox PaaS versions 5.0.4 et 5.0.5 antérieures à 5.0.6
    Fortinet FortiOS FortiOS versions 7.4.x antérieures à 7.4.8
    Fortinet FortiProxy FortiProxy versions 7.6.x antérieures à 7.6.4
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox Cloud versions 5.0.4 et 5.0.5 ant\u00e9rieures \u00e0 5.0.6",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiPortal versions ant\u00e9rieures \u00e0 7.2.9",
          "product": {
            "name": "FortiPortal",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox versions 5.0.x ant\u00e9rieures \u00e0 5.0.6",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.15",
          "product": {
            "name": "FortiProxy",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox versions 4.4.x ant\u00e9rieures \u00e0 4.4.9",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiPortal versions 7.4.x ant\u00e9rieures \u00e0 7.4.8",
          "product": {
            "name": "FortiPortal",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.11",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.11",
          "product": {
            "name": "FortiProxy",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox PaaS versions 5.0.4 et 5.0.5 ant\u00e9rieures \u00e0 5.0.6",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.8",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
          "product": {
            "name": "FortiProxy",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-25089",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25089"
        },
        {
          "name": "CVE-2025-67862",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-67862"
        },
        {
          "name": "CVE-2026-49938",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-49938"
        }
      ],
      "initial_release_date": "2026-06-10T00:00:00",
      "last_revision_date": "2026-06-10T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0725",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-06-10T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
      "vendor_advisories": [
        {
          "published_at": "2026-06-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-143",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-143"
        },
        {
          "published_at": "2026-06-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-141",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-141"
        },
        {
          "published_at": "2026-06-09",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-140",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-140"
        }
      ]
    }

    CERTFR-2026-AVI-0575

    Vulnerability from certfr_avis - Published: 2026-05-13 - Updated: 2026-05-13

    De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Fortinet FortiOS FortiOS versions 7.6.x antérieures à 7.6.4
    Fortinet FortiAP FortiAP-W2 versions antérieures à 7.4.5
    Fortinet FortiMail FortiMail versions 7.6.x antérieures à 7.6.4
    Fortinet FortiAnalyzer FortiAnalyzer versions 7.6.x antérieures à 7.6.5
    Fortinet FortiSandbox FortiSandbox PaaS 21.x, 22.x, et 23.x toutes versions
    Fortinet FortiSandbox FortiSandbox PaaS versions 4.4.x antérieures à 4.4.9
    Fortinet FortiAP FortiAP versions 7.6.x antérieures à 7.6.3
    Fortinet FortiAP FortiAP-U versions 7.0.x antérieures à 7.0.6
    Fortinet FortiDeceptor FortiDeceptor versions 5.x et 6.x antérieures à 6.1
    Fortinet FortiSandbox FortiSandbox Cloud 24 toutes versions
    Fortinet FortiManager FortiManager versions 7.6.x antérieures à 7.6.5
    Fortinet FortiClient FortiClientWindows versions antérieures à 7.4.3
    Fortinet FortiSandbox FortiSandbox versions 4.4.x antérieures à 4.4.9
    Fortinet FortiOS FortiOS versions 7.4.x antérieures à 7.4.9
    Fortinet FortiOS FortiOS versions 7.2.x antérieures à 7.2.12
    Fortinet FortiMail FortiMail versions 7.4.x antérieures à 7.4.6
    Fortinet FortiSandbox FortiSandbox versions 5.x antérieures à 5.0.2
    Fortinet N/A FortiTokenAndroid versions antérieures à 6.4
    Fortinet FortiAuthenticator FortiAuthenticator versions 6.5.x antérieures à 6.5.7
    Fortinet FortiManager FortiManager versions antérieures à 7.4.9
    Fortinet FortiSandbox FortiSandbox Cloud 23 toutes versions
    Fortinet FortiNDR FortiNDR versions 7.6.x antérieures à 7.6.3
    Fortinet FortiSandbox FortiSandbox Cloud versions 5.x antérieures à 5.0.6
    Fortinet FortiAuthenticator FortiAuthenticator versions 6.6.x antérieures à 6.6.9
    Fortinet FortiAnalyzer FortiAnalyzer versions antérieures à 7.4.9
    Fortinet FortiMail FortiMail versions 7.2.x antérieures à 7.2.9
    Fortinet FortiNDR FortiNDR versions 7.x antérieures à 7.4.10
    Fortinet FortiAP FortiAP versions antérieures à 7.4.6
    Fortinet FortiSandbox FortiSandbox PaaS versions 5.0.x antérieures à 5.0.2
    Fortinet FortiAuthenticator FortiAuthenticator versions 8.0.x antérieures à 8.0.3
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAP-W2 versions ant\u00e9rieures \u00e0 7.4.5",
          "product": {
            "name": "FortiAP",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
          "product": {
            "name": "FortiMail",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAnalyzer versions 7.6.x ant\u00e9rieures \u00e0 7.6.5",
          "product": {
            "name": "FortiAnalyzer",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox PaaS 21.x, 22.x, et 23.x toutes versions",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox PaaS versions 4.4.x ant\u00e9rieures \u00e0 4.4.9",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAP versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
          "product": {
            "name": "FortiAP",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAP-U versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
          "product": {
            "name": "FortiAP",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiDeceptor versions 5.x et 6.x ant\u00e9rieures \u00e0 6.1",
          "product": {
            "name": "FortiDeceptor",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox Cloud 24 toutes versions",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.5",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiClientWindows versions ant\u00e9rieures \u00e0 7.4.3",
          "product": {
            "name": "FortiClient",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox versions 4.4.x ant\u00e9rieures \u00e0 4.4.9",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.9",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
          "product": {
            "name": "FortiMail",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox versions 5.x ant\u00e9rieures \u00e0 5.0.2",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiTokenAndroid versions ant\u00e9rieures \u00e0 6.4",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAuthenticator versions 6.5.x ant\u00e9rieures \u00e0 6.5.7",
          "product": {
            "name": "FortiAuthenticator",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager versions ant\u00e9rieures \u00e0 7.4.9",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox Cloud 23 toutes versions",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiNDR versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
          "product": {
            "name": "FortiNDR",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox Cloud versions 5.x ant\u00e9rieures \u00e0 5.0.6",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAuthenticator versions 6.6.x ant\u00e9rieures \u00e0 6.6.9",
          "product": {
            "name": "FortiAuthenticator",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 7.4.9",
          "product": {
            "name": "FortiAnalyzer",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.9",
          "product": {
            "name": "FortiMail",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiNDR versions 7.x ant\u00e9rieures \u00e0 7.4.10",
          "product": {
            "name": "FortiNDR",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAP versions ant\u00e9rieures \u00e0 7.4.6",
          "product": {
            "name": "FortiAP",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox PaaS versions 5.0.x ant\u00e9rieures \u00e0 5.0.2",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAuthenticator versions 8.0.x ant\u00e9rieures \u00e0 8.0.3",
          "product": {
            "name": "FortiAuthenticator",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-44279",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44279"
        },
        {
          "name": "CVE-2026-25690",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25690"
        },
        {
          "name": "CVE-2026-44277",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44277"
        },
        {
          "name": "CVE-2025-53844",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53844"
        },
        {
          "name": "CVE-2025-53681",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53681"
        },
        {
          "name": "CVE-2026-26083",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-26083"
        },
        {
          "name": "CVE-2025-67604",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-67604"
        },
        {
          "name": "CVE-2026-44278",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44278"
        },
        {
          "name": "CVE-2025-53680",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53680"
        },
        {
          "name": "CVE-2025-53870",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53870"
        },
        {
          "name": "CVE-2026-25088",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25088"
        }
      ],
      "initial_release_date": "2026-05-13T00:00:00",
      "last_revision_date": "2026-05-13T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0575",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-05-13T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Injection SQL (SQLi)"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
      "vendor_advisories": [
        {
          "published_at": "2026-05-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-137",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-137"
        },
        {
          "published_at": "2026-05-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-133",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-133"
        },
        {
          "published_at": "2026-05-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-138",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-138"
        },
        {
          "published_at": "2026-05-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-130",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-130"
        },
        {
          "published_at": "2026-05-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-134",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-134"
        },
        {
          "published_at": "2026-05-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-136",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-136"
        },
        {
          "published_at": "2026-05-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-123",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-123"
        },
        {
          "published_at": "2026-05-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-129",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-129"
        },
        {
          "published_at": "2026-05-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-128",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-128"
        },
        {
          "published_at": "2026-05-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-132",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-132"
        },
        {
          "published_at": "2026-05-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-131",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-131"
        }
      ]
    }