1125 matches found
Vulnerabilities exist in several Fortinet products
Fortinet has identified vulnerabilities in several versions of FortiSIEM Windows Agent and general product versions, FortiOS, FortiPAM, and FortiProxy. One vulnerability exists in the FortiSIEM Windows Agent versions 7.4.0 through 7.4.1 with the identifier CVE-2026-59841. This vulnerability allow...
CVE-2026-59840
Fortinet FortiOS (7.6.0–7.6.2, 7.4.0–7.4.8, 7.2 all) and FortiProxy (7.6.0–7.6.5, 7.4.0–7.4.13, 7.2 all) are affected by a buffer over-read that may lead to information disclosure. Root cause described as a buffer over-read affecting multiple Fortinet products; the exact attack vector is not spec...
CVE-2026-59840
A buffer over-read vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.5, FortiProxy 7.4.0 through 7.4.13, FortiProxy 7.2 all versions, FortiProxy 7.0 all...
CVE-2026-59840
A buffer over-read vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.5, FortiProxy 7.4.0 through 7.4.13, FortiProxy 7.2 all versions, FortiProxy 7.0 all...
CVE-2026-23573
Technical details for CVE-2026-23573 are not publicly available in the provided documents. Monitor for updates from Fortinet PSIRTs and NVD for affected products and fixes.
CVE-2026-59839
CVE-2026-59839 describes a path traversal vulnerability: improper limitation of a pathname to a restricted directory in Fortinet products, affecting FortiOS (versions 7.6.0–7.6.6, 7.4.0–7.4.9, 7.2.x, 7.0.x, 6.4.x), FortiPAM (1.8.0 down to 1.0, all 1.x releases), and FortiProxy (7.6.0–7.6.5, 7.4–7...
CVE-2025-62675
The CVE-2025-62675 entry concerns an issue described as an Improper Neutralization of CRLF Sequences in HTTP Headers (HTTP Response Splitting) in Fortinet FortiOS and FortiProxy products. Affected versions are FortiOS 7.6.0–7.6.4, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiProxy 7.6...
CVE-2026-59837
Fortinet vulnerability CVE-2026-59837 affects FortiOS (7.4.0–7.4.1, 7.2 all), FortiPAM (1.0–1.8.2), and FortiProxy (7.2 all, 7.4.0–7.4.13). The issue is a stack-based buffer overflow exploitable by a privileged authenticated attacker who can bypass stack protection and ASLR, via crafted HTTP requ...
Fortinet Fortigate Buffer overread in authd and wad daemon (FG-IR-26-154)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the FG-IR-26-154 advisory. - A buffer over-read vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2...
Fortinet Fortigate Header injection in Web Filter warning page (FG-IR-26-152)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-26-152 advisory. - An Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Response Splitting' vulnerability CWE-113 vulnerability ...
PT-2026-58076
Name of the Vulnerable Software and Affected Versions FortiOS versions 7.6.0 through 7.6.6 FortiOS versions 7.4.0 through 7.4.9 FortiOS version 7.2 FortiOS version 7.0 FortiOS version 6.4 FortiPAM version 1.8.0 FortiPAM versions 1.7.0 through 1.7.2 FortiPAM version 1.6 FortiPAM version 1.5 FortiP...
Fortinet Fortigate Header injection in captive portal authentication form (FG-IR-26-153)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-26-153 advisory. - An Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Response Splitting' vulnerability CWE-113 vulnerability ...
PT-2026-58075
Name of the Vulnerable Software and Affected Versions FortiOS versions 7.4.0 through 7.4.1 FortiOS versions 7.2.x FortiPAM versions 1.0 through 1.8.2 FortiProxy versions 7.4.0 through 7.4.13 FortiProxy versions 7.2.x Description A stack-based buffer overflow occurs when a privileged authenticated...
Fortinet FortiOS - Credentials Disclosure
Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests due to improper limitation of a...
Fortinet - Authentication Bypass
Fortinet contains an authentication bypass vulnerability via using an alternate path or channel in FortiOS 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy 7.2.0 and 7.0.0 through 7.0.6, and FortiSwitchManager 7.2.0 and 7.0.0. An attacker can perform operations on the administrative...
CVE-2025-67862
An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability CWE-1244 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiPro...
EUVD-2025-210085
An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability CWE-1244 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiPro...
CVE-2025-67862
An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability CWE-1244 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiPro...
CVE-2025-67862
Technical details for CVE-2025-67862 are not publicly available in the provided documents. Monitor for updates.
CVE-2025-67862
An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability CWE-1244 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiPro...