
FortiGuard Labs | FortiGuard Center - IR Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in the FortiDDoS-F CLI may allow a privileged attacker to execute unauthorized code or commands via crafted CLI requests. Revised on 2025-09-09
A relative path traversal vulnerability [CWE-23] in FortiWeb may allow an authenticated attacker to perform an arbitrary file read on the underlying system via crafted requests. Revised on 2025-09-09
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiManager and FortiManager Cloud may allow an authenticated remote attacker to overwrite arbitrary files via crafted FGFM requests. Revised on 2025-08-13
Multiple relative path traversal vulnerabilities [CWE-23] in FortiMail, FortiVoice, FortiRecorder, FortiCamera and FortiNDR may allow a privileged attacker to read files from the underlying filesystem via crafted CLI requests. Revised on 2025-08-13
An improper handling of parameters vulnerability [CWE-233] in FortiWeb may allow an unauthenticated remote attacker in possession of non-public information (pertaining to both the device and the targeted user) to log in as any existing user on the device via a specially crafted request. Revised on 2025-08-12
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiWeb may allow an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI commands. Revised on 2025-08-12
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in the FortiWeb CLI may allow a privileged attacker to execute arbitrary code or commands via crafted CLI commands. Revised on 2025-08-12
A double free vulnerability [CWE-415] in the FortiOS, FortiProxy and FortiPAM administrative interfaces may allow a privileged attacker to execute code or commands via crafted HTTP or HTTPS requests. Revised on 2025-08-12
An incorrect privilege assignment vulnerability [CWE-266] in FortiOS Security Fabric may allow a remote authenticated attacker with high privileges to escalate to super-admin by registering the device to a malicious FortiManager. Revised on 2025-08-12
An integer overflow or wraparound vulnerability [CWE-190] in FortiOS, FortiPAM and FortiProxy SSL-VPN RDP and VNC bookmarks may allow an authenticated user to affect the device's SSL-VPN availability via crafted requests. Revised on 2025-08-12
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiADC may allow a remote authenticated attacker with low privilege to execute unauthorized code via specifically crafted HTTP parameters. Revised on 2025-08-12
A relative path traversal vulnerability [CWE-23] in FortiSOAR may allow an authenticated attacker to read arbitrary files by uploading a malicious solution pack. Revised on 2025-08-12
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiSIEM may allow an unauthenticated attacker to execute unauthorized code or commands via crafted CLI requests. Practical exploit code for this vulnerability was found in the wild. Revised on 2025-08-12
A stack-based buffer overflow vulnerability [CWE-121] in the FortiWeb CLI may allow a privileged attacker to execute arbitrary code or commands via crafted CLI commands. Revised on 2025-08-12
An authentication bypass using an alternate path or channel vulnerability [CWE-288] in FortiOS, FortiProxy and FortiPAM may allow an unauthenticated attacker to seize control of a managed device via crafted FGFM requests, if the device is managed by a FortiManager and the attacker knows that FortiManager's serial number. Revised on 2025-08-12
An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in the FortiSOAR web UI may allow an authenticated remote attacker to perform an XSS attack via stored malicious service requests. Revised on 2025-08-12
CVE-2025-26466: A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packets; it is only freed once the server/client key exchange has finished. A malicious client may keep sending such packets, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service. Revised on 2025-07-30
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiWeb may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPS requests. Fortinet has observed this being exploited in the wild on FortiWeb. Revised on 2025-07-18
A fundamental design flaw in the RADIUS protocol has been proven to be exploitable, compromising the integrity of the RADIUS Access-Request process. The attack allows a malicious user to modify packets in a way that is indistinguishable to a RADIUS client or server. To succeed, the attacker must be able to position themselves on the path between the client and the server. Revised on 2025-07-10
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiManager and FortiAnalyzer may allow an authenticated attacker with high privilege to extract database information via crafted requests. Revised on 2025-07-09
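The OpenSSH entry above (CVE-2025-26466) describes the mechanism in one sentence: a pong is allocated for every ping and cannot be freed until key exchange completes. The following Python is a model of that state machine added for this page; it is not OpenSSH's code and not Fortinet's. The unbounded variant reproduces the memory growth the entry describes, and the capped variant shows the general hardening pattern of bounding what an unauthenticated peer can make the server allocate before key exchange finishes, disconnecting when the cap is hit. The cap value, the "PONG" tag and the payload size are constructed for the demo and are not OpenSSH's actual limits or wire format.

```python
from collections import deque


class Disconnect(Exception):
    """Raised when the capped variant refuses further pre-KEX pings."""


class TransportState:
    """Model of the per-connection state relevant to the ping/pong bug.

    Constructed model for this page, not OpenSSH's implementation. It keeps
    the one invariant the advisory describes: a pong allocated for each ping
    stays queued (and therefore allocated) until key exchange ends.
    max_pending_pongs=None reproduces the unbounded, vulnerable behaviour;
    any integer is a hypothetical cap on pre-KEX allocations.
    """

    def __init__(self, max_pending_pongs=None):
        self.kex_done = False
        self.pending_pongs = deque()
        self.max_pending_pongs = max_pending_pongs

    def on_ping(self, payload: bytes) -> None:
        # Hardened path: refuse to allocate once the pre-KEX cap is reached.
        if (self.max_pending_pongs is not None and not self.kex_done
                and len(self.pending_pongs) >= self.max_pending_pongs):
            raise Disconnect("too many pings before key exchange completed")
        # Vulnerable invariant: every ping allocates a pong that is held here.
        self.pending_pongs.append(b"PONG" + payload)

    def on_kex_complete(self) -> int:
        """Key exchange finished: queued pongs can now be sent and freed."""
        self.kex_done = True
        sent = len(self.pending_pongs)
        self.pending_pongs.clear()
        return sent

    def bytes_held(self) -> int:
        return sum(len(p) for p in self.pending_pongs)


def flood(state: TransportState, n: int, payload: bytes = b"A" * 1024):
    """Send n pings before KEX completes.

    Returns (pongs queued, bytes held, disconnected). The 1 KiB payload is a
    constructed value for the demo.
    """
    disconnected = False
    try:
        for _ in range(n):
            state.on_ping(payload)
    except Disconnect:
        disconnected = True
    return len(state.pending_pongs), state.bytes_held(), disconnected


if __name__ == "__main__":
    print("unbounded:", flood(TransportState(), 10_000))
    print("capped:   ", flood(TransportState(max_pending_pongs=128), 10_000))
```

Running it shows roughly 10 MB held by one unauthenticated connection in the unbounded case versus about 128 KB and a forced disconnect in the capped case; the number of connections an attacker can open multiplies either figure.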
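The RADIUS entry above says an on-path attacker can modify Access-Request packets in a way the client and server cannot distinguish. The following Python is an editor's example added to this page, not code from Fortinet or from the advisory, showing why that is possible: an Access-Request as specified in RFC 2865 carries only a random, unkeyed 16-byte Request Authenticator, so rewriting an attribute needs no key material, whereas the Message-Authenticator attribute from RFC 2869 section 5.14 (HMAC-MD5 over the packet, keyed with the shared secret) makes the same edit detectable. The shared secret, attribute values and the attacker function are constructed for the demo; the example does not reproduce the published attack itself.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST = 1
USER_NAME = 1
NAS_IP_ADDRESS = 4
MESSAGE_AUTHENTICATOR = 80  # RFC 2869 section 5.14


def encode_attrs(attrs):
    """Serialise [(type, value), ...] as RADIUS TLVs (1-byte type, 1-byte length)."""
    return b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)


def parse_attrs(body):
    attrs, i = [], 0
    while i < len(body):
        t, length = body[i], body[i + 1]
        if length < 2:
            raise ValueError("malformed attribute length")
        attrs.append((t, body[i + 2:i + length]))
        i += length
    return attrs


def build_access_request(ident, authenticator, attrs, secret=None):
    """Build an Access-Request.

    Without a secret the packet is what RFC 2865 requires: header, a random
    unkeyed Request Authenticator, attributes. With a secret, a
    Message-Authenticator attribute is appended whose value is HMAC-MD5,
    keyed with the shared secret, over the whole packet with that value
    zeroed. That attribute is the only keyed integrity check for this message.
    """
    if secret is not None:
        attrs = attrs + [(MESSAGE_AUTHENTICATOR, b"\x00" * 16)]
    body = encode_attrs(attrs)
    pkt = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(body)) + authenticator + body
    if secret is None:
        return pkt
    mac = hmac.new(secret, pkt, hashlib.md5).digest()
    return pkt[:-16] + mac  # the zeroed placeholder is the last 16 bytes


def verify_access_request(pkt, secret):
    """True if a valid Message-Authenticator is present, False if it is wrong,
    None if the attribute is absent (nothing keyed to check at all)."""
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if code != ACCESS_REQUEST or length != len(pkt) or length < 20:
        return False
    body, i = pkt[20:], 0
    while i < len(body):
        t, alen = body[i], body[i + 1]
        if alen < 2:
            return False
        if t == MESSAGE_AUTHENTICATOR:
            if alen != 18:
                return False
            start = 20 + i + 2
            claimed = pkt[start:start + 16]
            zeroed = pkt[:start] + b"\x00" * 16 + pkt[start + 16:]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(claimed, expected)
        i += alen
    return None


def replace_attr(pkt, attr_type, new_value):
    """What an on-path attacker can do: rewrite one attribute and fix up Length.
    Nothing else in an unprotected Access-Request depends on the attribute
    bytes, so no key material is needed."""
    code, ident, _ = struct.unpack("!BBH", pkt[:4])
    authenticator, body = pkt[4:20], pkt[20:]
    attrs = [(t, new_value if t == attr_type else v) for t, v in parse_attrs(body)]
    body = encode_attrs(attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body


def run_demo():
    """Verification results for (unprotected, unprotected+tampered,
    protected, protected+tampered). Secret and attributes are constructed."""
    secret = b"example-shared-secret"
    request_authenticator = os.urandom(16)  # random and unkeyed by design
    attrs = [(USER_NAME, b"alice"), (NAS_IP_ADDRESS, bytes([192, 0, 2, 10]))]
    plain = build_access_request(7, request_authenticator, attrs)
    protected = build_access_request(7, request_authenticator, attrs, secret)
    return (
        verify_access_request(plain, secret),
        verify_access_request(replace_attr(plain, USER_NAME, b"admin"), secret),
        verify_access_request(protected, secret),
        verify_access_request(replace_attr(protected, USER_NAME, b"admin"), secret),
    )


if __name__ == "__main__":
    print(run_demo())
```

`verify_access_request` returns `None` rather than `False` when the attribute is absent so a caller can tell "unprotected" from "forged"; a server that wants integrity on Access-Request has to treat `None` as a rejection, since an on-path attacker can simply strip the attribute from a packet that carried one. That is a server-side policy choice, not something the advisory entry states.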
