Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    1028 vulnerabilities

    CVE-2026-59838 (GCVE-0-2026-59838)

    Vulnerability from cvelistv5 – Published: 2026-07-15 13:43 – Updated: 2026-07-15 14:23
    VLAI
    Summary
    A improper neutralization of script-related html tags in a web page (basic xss) vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.2.0 through 7.2.6, FortiSIEM 7.1 all versions, FortiSIEM 7.0 all versions, FortiSIEM 6.7 all versions, FortiSIEM 6.6 all versions, FortiSIEM 6.5 all versions, FortiSIEM 6.4 all versions may allow attacker to execute unauthorized code or commands via <insert attack vector here>
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-80 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiSIEM Affected: 7.4.0
    Affected: 7.3.0 , ≤ 7.3.4 (semver)
    Affected: 7.2.0 , ≤ 7.2.6 (semver)
    Affected: 7.1.0 , ≤ 7.1.9 (semver)
    Affected: 7.0.0 , ≤ 7.0.4 (semver)
    Affected: 6.7.0 , ≤ 6.7.10 (semver)
    Affected: 6.6.0 , ≤ 6.6.5 (semver)
    Affected: 6.5.0 , ≤ 6.5.3 (semver)
    Affected: 6.4.0 , ≤ 6.4.4 (semver)
    Affected: 6.3.0 , ≤ 6.3.3 (semver)
    Affected: 6.2.0 , ≤ 6.2.1 (semver)
        cpe:2.3:a:fortinet:fortisiem:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:7.3.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:7.3.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:7.3.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:7.3.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:7.3.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:7.1.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:7.1.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:7.1.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:7.1.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:7.1.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:7.1.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:7.1.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:7.1.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:7.1.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:7.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:6.7.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:6.7.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:6.7.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:6.7.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:6.7.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:6.7.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:6.7.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:6.7.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:6.7.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:6.7.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:6.7.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:6.6.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:6.6.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:6.6.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:6.6.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:6.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:6.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:6.5.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:6.5.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:6.5.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:6.5.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:6.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:6.3.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:6.3.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:6.3.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:6.3.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:6.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiem:6.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59838",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T14:23:06.140913Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T14:23:20.174Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortisiem:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:7.3.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:7.3.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:7.3.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:7.3.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:7.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:7.1.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:7.1.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:7.1.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:7.1.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:7.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:7.1.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:7.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:7.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:7.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:7.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:6.7.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:6.7.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:6.7.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:6.7.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:6.7.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:6.7.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:6.7.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:6.7.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:6.7.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:6.7.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:6.7.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:6.6.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:6.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:6.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:6.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:6.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:6.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:6.5.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:6.5.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:6.5.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:6.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:6.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:6.3.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:6.3.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:6.3.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:6.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:6.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiem:6.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiSIEM",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.4.0"
                },
                {
                  "lessThanOrEqual": "7.3.4",
                  "status": "affected",
                  "version": "7.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.6",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.1.9",
                  "status": "affected",
                  "version": "7.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.4",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.7.10",
                  "status": "affected",
                  "version": "6.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.6.5",
                  "status": "affected",
                  "version": "6.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.5.3",
                  "status": "affected",
                  "version": "6.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.4",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.3.3",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.1",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A improper neutralization of script-related html tags in a web page (basic xss) vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.2.0 through 7.2.6, FortiSIEM 7.1 all versions, FortiSIEM 7.0 all versions, FortiSIEM 6.7 all versions, FortiSIEM 6.6 all versions, FortiSIEM 6.5 all versions, FortiSIEM 6.4 all versions may allow attacker to execute unauthorized code or commands via \u003cinsert attack vector here\u003e"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-80",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T13:43:36.794Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-149",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-149"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiSIEM version 7.5.0 or above\nUpgrade to FortiSIEM version 7.4.1 or above\nUpgrade to FortiSIEM version 7.3.5 or above\nUpgrade to FortiSIEM version 7.2.7 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-59838",
        "datePublished": "2026-07-15T13:43:36.794Z",
        "dateReserved": "2026-07-07T15:21:29.438Z",
        "dateUpdated": "2026-07-15T14:23:20.174Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59840 (GCVE-0-2026-59840)

    Vulnerability from cvelistv5 – Published: 2026-07-14 15:19 – Updated: 2026-07-16 14:00
    VLAI
    Summary
    A buffer over-read vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.5, FortiProxy 7.4.0 through 7.4.13, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions may allow attacker to information disclosure via <insert attack vector here>
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiOS Affected: 7.6.0 , ≤ 7.6.3 (semver)
    Affected: 7.4.0 , ≤ 7.4.8 (semver)
    Affected: 7.2.0 , ≤ 7.2.13 (semver)
    Affected: 7.0.0 , ≤ 7.0.19 (semver)
    Affected: 6.4.0 , ≤ 6.4.16 (semver)
        cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiPAM Affected: 1.7.0
    Affected: 1.6.0 , ≤ 1.6.2 (semver)
    Affected: 1.5.0 , ≤ 1.5.1 (semver)
    Affected: 1.4.0 , ≤ 1.4.3 (semver)
    Affected: 1.3.0 , ≤ 1.3.1 (semver)
    Affected: 1.2.0
    Affected: 1.1.0 , ≤ 1.1.2 (semver)
    Affected: 1.0.0 , ≤ 1.0.3 (semver)
        cpe:2.3:o:fortinet:fortipam:1.7.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiSwitchManager Affected: 7.2.0 , ≤ 7.2.7 (semver)
    Affected: 7.0.0 , ≤ 7.0.6 (semver)
        cpe:2.3:a:fortinet:fortiswitchmanager:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiProxy Affected: 7.6.0 , ≤ 7.6.5 (semver)
    Affected: 7.4.0 , ≤ 7.4.13 (semver)
    Affected: 7.2.0 , ≤ 7.2.16 (semver)
    Affected: 7.0.0 , ≤ 7.0.23 (semver)
        cpe:2.3:a:fortinet:fortiproxy:7.6.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.16:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.15:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59840",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T15:57:19.678421Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T16:02:38.145Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiOS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.3",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.8",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.13",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.19",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.16",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortipam:1.7.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiPAM",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.7.0"
                },
                {
                  "lessThanOrEqual": "1.6.2",
                  "status": "affected",
                  "version": "1.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.5.1",
                  "status": "affected",
                  "version": "1.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.4.3",
                  "status": "affected",
                  "version": "1.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.3.1",
                  "status": "affected",
                  "version": "1.3.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "1.2.0"
                },
                {
                  "lessThanOrEqual": "1.1.2",
                  "status": "affected",
                  "version": "1.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.0.3",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiSwitchManager",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.2.7",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.6",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiproxy:7.6.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.16:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiProxy",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.5",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.13",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.16",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.23",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A buffer over-read vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.5, FortiProxy 7.4.0 through 7.4.13, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions may allow attacker to information disclosure via \u003cinsert attack vector here\u003e"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-126",
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T14:00:37.212Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-154",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-154"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiOS version 7.6.4 or above\nUpgrade to FortiOS version 7.4.9 or above\nFortinet remediated this issue in FortiSASE version 25.4.b and hence customers do not need to perform any action.\nUpgrade to FortiProxy version 7.6.6 or above\nUpgrade to FortiProxy version 7.4.14 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-59840",
        "datePublished": "2026-07-14T15:19:51.309Z",
        "dateReserved": "2026-07-07T15:21:36.593Z",
        "dateUpdated": "2026-07-16T14:00:37.212Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-43892 (GCVE-0-2025-43892)

    Vulnerability from cvelistv5 – Published: 2026-07-14 15:19 – Updated: 2026-07-16 14:00
    VLAI
    Summary
    A buffer over-read vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions may allow an authenticated remote attacker to return a portion of device memory in the redirect response via submitting a specially crafted request.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiOS Affected: 7.4.0 , ≤ 7.4.3 (semver)
    Affected: 7.2.0 , ≤ 7.2.13 (semver)
    Affected: 7.0.0 , ≤ 7.0.19 (semver)
        cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-43892",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T15:57:30.990330Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T16:02:29.209Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiOS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.3",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.13",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.19",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A buffer over-read vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions may allow an authenticated remote attacker to return a portion of device memory in the redirect response via submitting a specially crafted request."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-126",
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T14:00:36.002Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/#5944",
              "url": "https://fortiguard.fortinet.com/psirt/#5944"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiOS version 7.6.4 or above\nUpgrade to FortiOS version 7.4.9 or above\nFortinet remediated this issue in FortiSASE version 25.4.b and hence customers do not need to perform any action.\nUpgrade to FortiProxy version 7.6.6 or above\nUpgrade to FortiProxy version 7.4.14 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-43892",
        "datePublished": "2026-07-14T15:19:51.080Z",
        "dateReserved": "2025-04-18T14:46:53.847Z",
        "dateUpdated": "2026-07-16T14:00:36.002Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-23573 (GCVE-0-2026-23573)

    Vulnerability from cvelistv5 – Published: 2026-07-14 15:19 – Updated: 2026-07-14 16:02
    VLAI
    Summary
    An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.6, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiPAM 1.8.0, FortiPAM 1.7 all versions, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 through 7.4.3, FortiProxy 7.2.0 through 7.2.9 may allow an authenticated remote user to execute code or commands via crafted requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiOS Affected: 7.6.0 , ≤ 7.6.6 (semver)
    Affected: 7.4.0 , ≤ 7.4.12 (semver)
    Affected: 7.2.0 , ≤ 7.2.13 (semver)
    Affected: 7.0.0 , ≤ 7.0.19 (semver)
    Affected: 6.4.0 , ≤ 6.4.16 (semver)
        cpe:2.3:o:fortinet:fortios:7.6.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiProxy Affected: 7.4.0 , ≤ 7.4.3 (semver)
    Affected: 7.2.0 , ≤ 7.2.9 (semver)
    Affected: 7.0.0 , ≤ 7.0.16 (semver)
        cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiPAM Affected: 1.8.0
    Affected: 1.7.0 , ≤ 1.7.2 (semver)
    Affected: 1.6.0 , ≤ 1.6.2 (semver)
    Affected: 1.5.0 , ≤ 1.5.1 (semver)
    Affected: 1.4.0 , ≤ 1.4.3 (semver)
    Affected: 1.3.0 , ≤ 1.3.1 (semver)
    Affected: 1.2.0
    Affected: 1.1.0 , ≤ 1.1.2 (semver)
    Affected: 1.0.0 , ≤ 1.0.3 (semver)
        cpe:2.3:o:fortinet:fortipam:1.8.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.7.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.7.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.7.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-23573",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T15:57:48.078417Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T16:02:17.037Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortios:7.6.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiOS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.6",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.12",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.13",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.19",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.16",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiProxy",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.3",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.9",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.16",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortipam:1.8.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.7.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.7.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.7.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiPAM",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.8.0"
                },
                {
                  "lessThanOrEqual": "1.7.2",
                  "status": "affected",
                  "version": "1.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.6.2",
                  "status": "affected",
                  "version": "1.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.5.1",
                  "status": "affected",
                  "version": "1.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.4.3",
                  "status": "affected",
                  "version": "1.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.3.1",
                  "status": "affected",
                  "version": "1.3.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "1.2.0"
                },
                {
                  "lessThanOrEqual": "1.1.2",
                  "status": "affected",
                  "version": "1.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.0.3",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability [CWE-79] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.6, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiPAM 1.8.0, FortiPAM 1.7 all versions, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 through 7.4.3, FortiProxy 7.2.0 through 7.2.9 may allow an authenticated remote user to execute code or commands via crafted requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T15:19:47.183Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-150",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-150"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiOS version 8.0.0 or above\nUpgrade to FortiOS version 7.6.7 or above\nUpgrade to FortiProxy version 7.4.4 or above\nUpgrade to FortiProxy version 7.2.10 or above\nUpgrade to FortiProxy version 7.0.17 or above\nUpgrade to FortiPAM version 1.9.0 or above\nUpgrade to FortiPAM version 1.8.1 or above\nFortinet remediated this issue in FortiSASE version 26.1.1 and hence customers do not need to perform any action.\nUpgrade to FortiSwitchManager version 7.2.5 or above\nUpgrade to FortiSwitchManager version 7.0.3 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-23573",
        "datePublished": "2026-07-14T15:19:47.183Z",
        "dateReserved": "2026-01-14T14:46:20.539Z",
        "dateUpdated": "2026-07-14T16:02:17.037Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59839 (GCVE-0-2026-59839)

    Vulnerability from cvelistv5 – Published: 2026-07-14 15:19 – Updated: 2026-07-14 16:02
    VLAI
    Summary
    A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiOS 7.6.0 through 7.6.6, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.8.0, FortiPAM 1.7.0 through 1.7.2, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.6.0 through 7.6.5, FortiProxy 7.4 through 7.4.13, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions may allow attacker to execute unauthorized code or commands via <insert attack vector here>
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiProxy Affected: 7.6.0 , ≤ 7.6.5 (semver)
    Affected: 7.4.0 , ≤ 7.4.13 (semver)
    Affected: 7.2.0 , ≤ 7.2.16 (semver)
    Affected: 7.0.0 , ≤ 7.0.23 (semver)
        cpe:2.3:a:fortinet:fortiproxy:7.6.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.16:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.15:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiOS Affected: 7.6.0 , ≤ 7.6.6 (semver)
    Affected: 7.4.0 , ≤ 7.4.9 (semver)
    Affected: 7.2.0 , ≤ 7.2.13 (semver)
    Affected: 7.0.0 , ≤ 7.0.19 (semver)
    Affected: 6.4.0 , ≤ 6.4.16 (semver)
        cpe:2.3:o:fortinet:fortios:7.6.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiPAM Affected: 1.8.0
    Affected: 1.7.0 , ≤ 1.7.2 (semver)
    Affected: 1.6.0 , ≤ 1.6.2 (semver)
    Affected: 1.5.0 , ≤ 1.5.1 (semver)
    Affected: 1.4.0 , ≤ 1.4.3 (semver)
    Affected: 1.3.0 , ≤ 1.3.1 (semver)
    Affected: 1.2.0
    Affected: 1.1.0 , ≤ 1.1.2 (semver)
    Affected: 1.0.0 , ≤ 1.0.3 (semver)
        cpe:2.3:o:fortinet:fortipam:1.8.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.7.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.7.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.7.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59839",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T16:02:03.651467Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T16:02:10.053Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiproxy:7.6.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.16:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiProxy",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.5",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.13",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.16",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.23",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortios:7.6.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiOS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.6",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.9",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.13",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.19",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.16",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortipam:1.8.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.7.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.7.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.7.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiPAM",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.8.0"
                },
                {
                  "lessThanOrEqual": "1.7.2",
                  "status": "affected",
                  "version": "1.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.6.2",
                  "status": "affected",
                  "version": "1.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.5.1",
                  "status": "affected",
                  "version": "1.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.4.3",
                  "status": "affected",
                  "version": "1.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.3.1",
                  "status": "affected",
                  "version": "1.3.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "1.2.0"
                },
                {
                  "lessThanOrEqual": "1.1.2",
                  "status": "affected",
                  "version": "1.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.0.3",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A improper limitation of a pathname to a restricted directory (\u0027path traversal\u0027) vulnerability in Fortinet FortiOS 7.6.0 through 7.6.6, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.8.0, FortiPAM 1.7.0 through 1.7.2, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.6.0 through 7.6.5, FortiProxy 7.4 through 7.4.13, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions may allow attacker to execute unauthorized code or commands via \u003cinsert attack vector here\u003e"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T15:19:46.961Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-151",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-151"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiProxy version 7.6.6 or above\nUpgrade to FortiOS version 8.0.0 or above\nUpgrade to FortiOS version 7.6.7 or above\nUpgrade to FortiOS version 7.4.10 or above\nFortinet remediated this issue in FortiSASE version 26.1.1 and hence customers do not need to perform any action.\nUpgrade to FortiPAM version 1.9.0 or above\nUpgrade to FortiPAM version 1.8.1 or above\nUpgrade to FortiSwitchManager version 7.2.8 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-59839",
        "datePublished": "2026-07-14T15:19:46.961Z",
        "dateReserved": "2026-07-07T15:21:31.715Z",
        "dateUpdated": "2026-07-14T16:02:10.053Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-62826 (GCVE-0-2025-62826)

    Vulnerability from cvelistv5 – Published: 2026-07-14 15:19 – Updated: 2026-07-14 16:02
    VLAI
    Summary
    An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability [CWE-113] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions may allow an attacker able to intercept and modify a user's captive portal authentication request to inject arbitrary headers via crafted HTTP requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-113 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiPAM Affected: 1.7.0
    Affected: 1.6.0 , ≤ 1.6.2 (semver)
    Affected: 1.5.0 , ≤ 1.5.1 (semver)
    Affected: 1.4.0 , ≤ 1.4.3 (semver)
    Affected: 1.3.0 , ≤ 1.3.1 (semver)
    Affected: 1.2.0
    Affected: 1.1.0 , ≤ 1.1.2 (semver)
    Affected: 1.0.0 , ≤ 1.0.3 (semver)
        cpe:2.3:o:fortinet:fortipam:1.7.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiProxy Affected: 7.6.0 , ≤ 7.6.4 (semver)
    Affected: 7.4.0 , ≤ 7.4.14 (semver)
    Affected: 7.2.0 , ≤ 7.2.16 (semver)
    Affected: 7.0.0 , ≤ 7.0.23 (semver)
        cpe:2.3:a:fortinet:fortiproxy:7.6.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.16:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.15:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiOS Affected: 7.6.0 , ≤ 7.6.2 (semver)
    Affected: 7.4.0 , ≤ 7.4.8 (semver)
    Affected: 7.2.0 , ≤ 7.2.13 (semver)
    Affected: 7.0.0 , ≤ 7.0.19 (semver)
    Affected: 6.4.0 , ≤ 6.4.16 (semver)
        cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-62826",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T16:02:21.507604Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T16:02:27.387Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortipam:1.7.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiPAM",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.7.0"
                },
                {
                  "lessThanOrEqual": "1.6.2",
                  "status": "affected",
                  "version": "1.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.5.1",
                  "status": "affected",
                  "version": "1.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.4.3",
                  "status": "affected",
                  "version": "1.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.3.1",
                  "status": "affected",
                  "version": "1.3.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "1.2.0"
                },
                {
                  "lessThanOrEqual": "1.1.2",
                  "status": "affected",
                  "version": "1.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.0.3",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiproxy:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.16:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiProxy",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.4",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.14",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.16",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.23",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiOS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.2",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.8",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.13",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.19",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.16",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Response Splitting\u0027) vulnerability [CWE-113] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions may allow an attacker able to intercept and modify a user\u0027s captive portal authentication request to inject arbitrary headers via crafted HTTP requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-113",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T15:19:46.918Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-153",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-153"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiProxy version 7.6.5 or above\nUpgrade to upcoming  FortiOS version 8.0.0 or above\nUpgrade to FortiOS version 7.6.5 or above\nFortinet remediated this issue in FortiSASE version 25.4.b and hence customers do not need to perform any action.\nFortinet remediated this issue in FortiSASE version 25.4.a and hence customers do not need to perform any action."
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-62826",
        "datePublished": "2026-07-14T15:19:46.918Z",
        "dateReserved": "2025-10-23T11:55:45.919Z",
        "dateUpdated": "2026-07-14T16:02:27.387Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-62675 (GCVE-0-2025-62675)

    Vulnerability from cvelistv5 – Published: 2026-07-14 15:15 – Updated: 2026-07-14 16:02
    VLAI
    Summary
    An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability [CWE-113] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions may allow an attacker in possession of a valid web filter override token to inject arbitrary headers via tricking a user into clicking on a crafted link.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-113 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiOS Affected: 7.6.0 , ≤ 7.6.4 (semver)
    Affected: 7.4.0 , ≤ 7.4.12 (semver)
    Affected: 7.2.0 , ≤ 7.2.13 (semver)
    Affected: 7.0.0 , ≤ 7.0.19 (semver)
    Affected: 6.4.0 , ≤ 6.4.16 (semver)
        cpe:2.3:o:fortinet:fortios:7.6.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiPAM Affected: 1.7.0
    Affected: 1.6.0 , ≤ 1.6.2 (semver)
    Affected: 1.5.0 , ≤ 1.5.1 (semver)
    Affected: 1.4.0 , ≤ 1.4.3 (semver)
    Affected: 1.3.0 , ≤ 1.3.1 (semver)
    Affected: 1.2.0
    Affected: 1.1.0 , ≤ 1.1.2 (semver)
    Affected: 1.0.0 , ≤ 1.0.3 (semver)
        cpe:2.3:o:fortinet:fortipam:1.7.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiProxy Affected: 7.6.0 , ≤ 7.6.4 (semver)
    Affected: 7.4.0 , ≤ 7.4.14 (semver)
    Affected: 7.2.0 , ≤ 7.2.16 (semver)
    Affected: 7.0.0 , ≤ 7.0.23 (semver)
        cpe:2.3:a:fortinet:fortiproxy:7.6.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.16:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.15:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-62675",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T16:02:37.813993Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T16:02:45.423Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortios:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiOS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.4",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.12",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.13",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.19",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.16",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortipam:1.7.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiPAM",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.7.0"
                },
                {
                  "lessThanOrEqual": "1.6.2",
                  "status": "affected",
                  "version": "1.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.5.1",
                  "status": "affected",
                  "version": "1.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.4.3",
                  "status": "affected",
                  "version": "1.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.3.1",
                  "status": "affected",
                  "version": "1.3.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "1.2.0"
                },
                {
                  "lessThanOrEqual": "1.1.2",
                  "status": "affected",
                  "version": "1.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.0.3",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiproxy:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.16:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiProxy",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.4",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.14",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.16",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.23",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Response Splitting\u0027) vulnerability [CWE-113] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions may allow an attacker in possession of a valid web filter override token to inject arbitrary headers via tricking a user into clicking on a crafted link."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.4,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-113",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T15:15:12.695Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-152",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-152"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Fortinet remediated this issue in FortiSASE version 25.4.b and hence customers do not need to perform any action.\nUpgrade to FortiProxy version 7.6.5 or above\nUpgrade to FortiOS version 8.0.0 or above\nUpgrade to FortiOS version 7.6.5 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-62675",
        "datePublished": "2026-07-14T15:15:12.695Z",
        "dateReserved": "2025-10-20T08:07:37.650Z",
        "dateUpdated": "2026-07-14T16:02:45.423Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59836 (GCVE-0-2026-59836)

    Vulnerability from cvelistv5 – Published: 2026-07-14 15:15 – Updated: 2026-07-15 03:59
    VLAI
    Summary
    A improper certificate validation vulnerability in Fortinet FortiClientEMS 7.4.3 through 7.4.5, FortiClientEMS 7.4.0 through 7.4.1, FortiClientEMS 7.2 all versions may allow attacker to information disclosure via <insert attack vector here>
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiClientEMS Affected: 7.4.3 , ≤ 7.4.5 (semver)
    Affected: 7.4.0 , ≤ 7.4.1 (semver)
    Affected: 7.2.12 , ≤ 7.2.14 (semver)
    Affected: 7.2.0 , ≤ 7.2.10 (semver)
        cpe:2.3:a:fortinet:forticlientems:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.2.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.2.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientems:7.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59836",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T03:59:06.023Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:forticlientems:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientems:7.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiClientEMS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.5",
                  "status": "affected",
                  "version": "7.4.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.1",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.14",
                  "status": "affected",
                  "version": "7.2.12",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.10",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A improper certificate validation vulnerability in Fortinet FortiClientEMS 7.4.3 through 7.4.5, FortiClientEMS 7.4.0 through 7.4.1, FortiClientEMS 7.2 all versions may allow attacker to information disclosure via \u003cinsert attack vector here\u003e"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T15:15:08.063Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-147",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-147"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to upcoming  FortiClientEMS version 8.0.0 or above\nUpgrade to FortiClientEMS version 7.4.6 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-59836",
        "datePublished": "2026-07-14T15:15:08.063Z",
        "dateReserved": "2026-07-07T15:21:26.614Z",
        "dateUpdated": "2026-07-15T03:59:06.023Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59841 (GCVE-0-2026-59841)

    Vulnerability from cvelistv5 – Published: 2026-07-14 15:15 – Updated: 2026-07-15 03:59
    VLAI
    Summary
    A improper restriction of communication channel to intended endpoints vulnerability in Fortinet FortiSIEMWindowsAgent 7.4.0 through 7.4.1 may allow attacker to escalation of privilege via <insert attack vector here>
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-923 - Escalation of privilege
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiSIEMWindowsAgent Affected: 7.4.0 , ≤ 7.4.1 (semver)
        cpe:2.3:a:fortinet:fortisiemwindowsagent:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisiemwindowsagent:7.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59841",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T03:59:10.652Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortisiemwindowsagent:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisiemwindowsagent:7.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiSIEMWindowsAgent",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.1",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A improper restriction of communication channel to intended endpoints vulnerability in Fortinet FortiSIEMWindowsAgent 7.4.0 through 7.4.1 may allow attacker to escalation of privilege via \u003cinsert attack vector here\u003e"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-923",
                  "description": "Escalation of privilege",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T15:15:08.048Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-155",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-155"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiSIEMWindowsAgent version 7.4.2 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-59841",
        "datePublished": "2026-07-14T15:15:08.048Z",
        "dateReserved": "2026-07-07T15:21:38.323Z",
        "dateUpdated": "2026-07-15T03:59:10.652Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-53379 (GCVE-0-2025-53379)

    Vulnerability from cvelistv5 – Published: 2026-07-14 15:13 – Updated: 2026-07-14 15:56
    VLAI
    Summary
    A out-of-bounds read vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.2, FortiAuthenticator 6.5 all versions may allow a remote unauthenticated attacker to retrieve sensitive information via a specially crafted request.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiAuthenticator Affected: 6.6.0 , ≤ 6.6.2 (semver)
    Affected: 6.5.0 , ≤ 6.5.7 (semver)
    Affected: 6.4.0 , ≤ 6.4.11 (semver)
    Affected: 6.3.0 , ≤ 6.3.5 (semver)
        cpe:2.3:a:fortinet:fortiauthenticator:6.6.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.5.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.5.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.5.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.5.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.5.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.5.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.5.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.5.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.3.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.3.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.3.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.3.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.3.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.3.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53379",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T15:55:57.538368Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T15:56:07.256Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiauthenticator:6.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.5.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.5.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.5.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.5.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.5.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.5.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.5.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.3.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.3.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.3.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.3.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.3.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.3.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiAuthenticator",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "6.6.2",
                  "status": "affected",
                  "version": "6.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.5.7",
                  "status": "affected",
                  "version": "6.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.11",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.3.5",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A out-of-bounds read vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.2, FortiAuthenticator 6.5 all versions may allow a remote unauthenticated attacker to retrieve sensitive information via a specially crafted request."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T15:13:02.254Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-146",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-146"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiAuthenticator version 6.6.3 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-53379",
        "datePublished": "2026-07-14T15:13:02.254Z",
        "dateReserved": "2025-06-27T15:44:12.816Z",
        "dateUpdated": "2026-07-14T15:56:07.256Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59835 (GCVE-0-2026-59835)

    Vulnerability from cvelistv5 – Published: 2026-07-14 15:12 – Updated: 2026-07-16 07:35
    VLAI
    Summary
    A exposure of resource to wrong sphere vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.3 through 4.4.8 may allow an unauthenticated attacker to access the VNC server of VMs performing scanning via network requests.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiSandbox Affected: 5.0.0 , ≤ 5.0.2 (semver)
    Affected: 4.4.3 , ≤ 4.4.8 (semver)
        cpe:2.3:a:fortinet:fortisandbox:5.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59835",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T15:55:18.212803Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T15:55:23.469Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortisandbox:5.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiSandbox",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.2",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.4.8",
                  "status": "affected",
                  "version": "4.4.3",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A exposure of resource to wrong sphere vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.3 through 4.4.8 may allow an unauthenticated attacker to access the VNC server of VMs performing scanning via network requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-668",
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T07:35:10.603Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-145",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-145"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiSandbox version 5.0.3 or above\nUpgrade to FortiSandbox version 4.4.9 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-59835",
        "datePublished": "2026-07-14T15:12:20.855Z",
        "dateReserved": "2026-07-07T15:21:25.057Z",
        "dateUpdated": "2026-07-16T07:35:10.603Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59837 (GCVE-0-2026-59837)

    Vulnerability from cvelistv5 – Published: 2026-07-14 15:06 – Updated: 2026-07-15 03:59
    VLAI
    Summary
    A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2 all versions, FortiPAM 1.8.0 through 1.8.2, FortiPAM 1.7 all versions, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 through 7.4.13, FortiProxy 7.2 all versions may allow a privileged authenticated attacker who can bypass stack protection and ASLR to execute arbitrary code or commands via crafted HTTP requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiPAM Affected: 1.8.0 , ≤ 1.8.2 (semver)
    Affected: 1.7.0 , ≤ 1.7.2 (semver)
    Affected: 1.6.0 , ≤ 1.6.2 (semver)
    Affected: 1.5.0 , ≤ 1.5.1 (semver)
    Affected: 1.4.0 , ≤ 1.4.3 (semver)
    Affected: 1.3.0 , ≤ 1.3.1 (semver)
    Affected: 1.2.0
    Affected: 1.1.0 , ≤ 1.1.2 (semver)
    Affected: 1.0.0 , ≤ 1.0.3 (semver)
        cpe:2.3:o:fortinet:fortipam:1.8.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.8.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.8.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.7.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.7.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.7.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiSASE Affected: 26.1.1 , ≤ 26.1.2 (semver)
        cpe:2.3:a:fortinet:fortisase:26.1.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisase:26.1.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiProxy Affected: 7.4.0 , ≤ 7.4.13 (semver)
    Affected: 7.2.0 , ≤ 7.2.16 (semver)
        cpe:2.3:a:fortinet:fortiproxy:7.4.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.16:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.15:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiOS Affected: 7.4.0 , ≤ 7.4.1 (semver)
    Affected: 7.2.0 , ≤ 7.2.13 (semver)
    Affected: 7.0.0 , ≤ 7.0.19 (semver)
    Affected: 6.4.0 , ≤ 6.4.16 (semver)
        cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59837",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T03:59:04.454Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortipam:1.8.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.8.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.8.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.7.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.7.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.7.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiPAM",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "1.8.2",
                  "status": "affected",
                  "version": "1.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.7.2",
                  "status": "affected",
                  "version": "1.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.6.2",
                  "status": "affected",
                  "version": "1.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.5.1",
                  "status": "affected",
                  "version": "1.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.4.3",
                  "status": "affected",
                  "version": "1.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.3.1",
                  "status": "affected",
                  "version": "1.3.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "1.2.0"
                },
                {
                  "lessThanOrEqual": "1.1.2",
                  "status": "affected",
                  "version": "1.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.0.3",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortisase:26.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisase:26.1.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiSASE",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "26.1.2",
                  "status": "affected",
                  "version": "26.1.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiproxy:7.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.16:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiProxy",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.13",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.16",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiOS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.1",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.13",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.19",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.16",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2 all versions, FortiPAM 1.8.0 through 1.8.2, FortiPAM 1.7 all versions, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 through 7.4.13, FortiProxy 7.2 all versions may allow a privileged authenticated attacker who can bypass stack protection and ASLR to execute arbitrary code or commands via crafted HTTP requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T15:06:31.443Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-148",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-148"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiOS version 8.0.0 or above\nUpgrade to FortiOS version 7.6.0 or above\nUpgrade to FortiOS version 7.4.2 or above\nUpgrade to FortiPAM version 1.9.0 or above\nUpgrade to FortiPAM version 1.8.3 or above\nUpgrade to FortiProxy version 7.6.0 or above\nUpgrade to FortiProxy version 7.4.14 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-59837",
        "datePublished": "2026-07-14T15:06:31.443Z",
        "dateReserved": "2026-07-07T15:21:27.537Z",
        "dateUpdated": "2026-07-15T03:59:04.454Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-67862 (GCVE-0-2025-67862)

    Vulnerability from cvelistv5 – Published: 2026-06-09 14:27 – Updated: 2026-07-14 12:43
    VLAI
    Summary
    An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability [CWE-1244] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0 all versions may allow an authenticated admin to execute lua scripts via crafted CLI commands.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1244 - Execute unauthorized code or commands
    Assigner
    Impacted products
    Vendor Product Version
    Fortinet FortiOS Affected: 7.6.0 , ≤ 7.6.1 (semver)
    Affected: 7.4.0 , ≤ 7.4.6 (semver)
    Affected: 7.2.0 , ≤ 7.2.10 (semver)
    Affected: 7.0.0 , ≤ 7.0.16 (semver)
    Affected: 6.4.0 , ≤ 6.4.16 (semver)
        cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiProxy Affected: 7.6.0 , ≤ 7.6.3 (semver)
    Affected: 7.4.0 , ≤ 7.4.10 (semver)
    Affected: 7.2.0 , ≤ 7.2.14 (semver)
    Affected: 7.0.0 , ≤ 7.0.23 (semver)
        cpe:2.3:a:fortinet:fortiproxy:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Siemens RUGGEDCOM APE1808 Affected: 0 , < * (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-67862",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-09T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T03:58:56.818Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM APE1808",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T12:43:47.225Z",
              "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
              "shortName": "siemens-SADP"
            },
            "references": [
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-864900.html"
              }
            ],
            "x_adpType": "supplier"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiOS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.1",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.6",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.10",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.16",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.16",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiproxy:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiProxy",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.3",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.10",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.14",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.23",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability [CWE-1244] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0 all versions may allow an authenticated admin to execute lua scripts via crafted CLI commands."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1244",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T14:27:50.485Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-143",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-143"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiOS version 7.6.3 or above\nUpgrade to FortiOS version 7.4.8 or above\nUpgrade to FortiOS version 7.2.11 or above\nUpgrade to FortiOS version 7.0.17 or above\nUpgrade to FortiProxy version 7.6.4 or above\nUpgrade to FortiProxy version 7.4.11 or above\nUpgrade to FortiProxy version 7.2.15 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-67862",
        "datePublished": "2026-06-09T14:27:50.485Z",
        "dateReserved": "2025-12-12T15:39:26.251Z",
        "dateUpdated": "2026-07-14T12:43:47.225Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-25089 (GCVE-0-2026-25089)

    Vulnerability from cvelistv5 – Published: 2026-06-09 14:27 – Updated: 2026-07-16 19:58
    VLAI CISA KEVIntel
    Summary
    A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may allow an unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP requests
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Execute unauthorized code or commands
    Assigner
    Impacted products
    Vendor Product Version
    Fortinet FortiSandbox Affected: 5.0.0 , ≤ 5.0.5 (semver)
    Affected: 4.4.0 , ≤ 4.4.8 (semver)
    Affected: 4.2.1 , ≤ 4.2.8 (semver)
        cpe:2.3:a:fortinet:fortisandbox:5.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:5.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:5.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:5.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiSandbox Cloud Affected: 5.0.4 , ≤ 5.0.5 (semver)
        cpe:2.3:a:fortinet:fortisandboxcloud:5.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxcloud:5.0.4:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiSandbox PaaS Affected: 5.0.4 , ≤ 5.0.5 (semver)
        cpe:2.3:a:fortinet:fortisandboxpaas:5.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxpaas:5.0.4:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-25089",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T17:45:08.107935Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2026-07-16",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-25089"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T19:58:24.115Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-25089"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-07-16T00:00:00.000Z",
                "value": "CVE-2026-25089 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortisandbox:5.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:5.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:5.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:5.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiSandbox",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.5",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.4.8",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.2.8",
                  "status": "affected",
                  "version": "4.2.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortisandboxcloud:5.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxcloud:5.0.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiSandbox Cloud",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.5",
                  "status": "affected",
                  "version": "5.0.4",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortisandboxpaas:5.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxpaas:5.0.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiSandbox PaaS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.5",
                  "status": "affected",
                  "version": "5.0.4",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A improper neutralization of special elements used in an os command (\u0027os command injection\u0027) vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may allow an unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP requests"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T14:27:47.492Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-141",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-141"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to upcoming  FortiSandbox version 5.2.0 or above\nUpgrade to FortiSandbox version 5.0.6 or above\nUpgrade to FortiSandbox version 4.4.9 or above\nUpgrade to upcoming  FortiSandbox PaaS version 5.2.0 or above\nUpgrade to FortiSandbox PaaS version 5.0.6 or above\nFortinet remediated this issue in FortiSandbox Cloud version 5.2.0 (not released) and hence customers do not need to perform any action.\nFortinet remediated this issue in FortiSandbox Cloud version 5.0.6 (not released) and hence customers do not need to perform any action."
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-25089",
        "datePublished": "2026-06-09T14:27:47.492Z",
        "dateReserved": "2026-01-29T09:27:29.820Z",
        "dateUpdated": "2026-07-16T19:58:24.115Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-49938 (GCVE-0-2026-49938)

    Vulnerability from cvelistv5 – Published: 2026-06-09 14:27 – Updated: 2026-07-08 12:54
    VLAI
    Summary
    A improper access control vulnerability in Fortinet FortiPortal 7.4.0 through 7.4.7, FortiPortal 7.2.0 through 7.2.8, FortiPortal 7.0 all versions may allow attacker to improper access control via <insert attack vector here>
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper access control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiPortal Affected: 7.4.0 , ≤ 7.4.7 (semver)
    Affected: 7.2.0 , ≤ 7.2.8 (semver)
    Affected: 7.0.0 , ≤ 7.0.14 (semver)
        cpe:2.3:a:fortinet:fortiportal:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiportal:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-49938",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-09T15:36:51.644752Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-09T15:36:59.170Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiportal:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiportal:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiPortal",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.7",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.8",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.14",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A improper access control vulnerability in Fortinet FortiPortal 7.4.0 through 7.4.7, FortiPortal 7.2.0 through 7.2.8, FortiPortal 7.0 all versions may allow attacker to improper access control via \u003cinsert attack vector here\u003e"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper access control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T12:54:11.690Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-140",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-140"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiPortal version 7.4.8 or above\nUpgrade to upcoming  FortiPortal version 7.2.9 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-49938",
        "datePublished": "2026-06-09T14:27:42.914Z",
        "dateReserved": "2026-06-02T15:05:18.629Z",
        "dateUpdated": "2026-07-08T12:54:11.690Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-53870 (GCVE-0-2025-53870)

    Vulnerability from cvelistv5 – Published: 2026-05-12 16:54 – Updated: 2026-07-08 12:49
    VLAI
    Summary
    An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versions, FortiAP 7.0 all versions, FortiAP 6.4 all versions, FortiAP-W2 7.4.0 through 7.4.4, FortiAP-W2 7.2 all versions, FortiAP-W2 7.0 all versions may allow an authenticated attacker to execute unauthorized code or commands via a specifically crafted cli command.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Escalation of privilege
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiAP Affected: 7.6.0 , ≤ 7.6.2 (semver)
    Affected: 7.4.0 , ≤ 7.4.5 (semver)
    Affected: 7.2.0 , ≤ 7.2.6 (semver)
    Affected: 7.0.0 , ≤ 7.0.7 (semver)
    Affected: 6.4.3 , ≤ 6.4.9 (semver)
        cpe:2.3:a:fortinet:fortiap:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:6.4.3:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiAP-W2 Affected: 7.4.0 , ≤ 7.4.4 (semver)
    Affected: 7.2.0 , ≤ 7.2.5 (semver)
    Affected: 7.0.0 , ≤ 7.0.8 (semver)
        cpe:2.3:a:fortinet:fortiap-w2:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53870",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T03:58:24.463Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiap:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:6.4.3:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiAP",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.2",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.5",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.6",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.7",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.9",
                  "status": "affected",
                  "version": "6.4.3",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiap-w2:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiAP-W2",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.4",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.5",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.8",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper neutralization of special elements used in an os command (\u0027os command injection\u0027) vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versions, FortiAP 7.0 all versions, FortiAP 6.4 all versions, FortiAP-W2 7.4.0 through 7.4.4, FortiAP-W2 7.2 all versions, FortiAP-W2 7.0 all versions may allow  an authenticated attacker to execute unauthorized code or commands via a specifically crafted cli command."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Escalation of privilege",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T12:49:35.891Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-133",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-133"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiAP version 7.6.3 or above\nUpgrade to FortiAP version 7.4.6 or above\nUpgrade to FortiAP-U version 7.0.6 or above\nUpgrade to FortiAP-W2 version 7.4.5 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-53870",
        "datePublished": "2026-05-12T16:54:32.010Z",
        "dateReserved": "2025-07-11T07:30:58.396Z",
        "dateUpdated": "2026-07-08T12:49:35.891Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-53680 (GCVE-0-2025-53680)

    Vulnerability from cvelistv5 – Published: 2026-05-12 16:54 – Updated: 2026-07-08 12:51
    VLAI
    Summary
    An improper neutralization of special elements used in an OS command ("OS Command Injection") vulnerability [CWE-78] vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versions, FortiAP 7.0 all versions, FortiAP 6.4 all versions, FortiAP-U 7.0.0 through 7.0.5, FortiAP-U 6.2 all versions, FortiAP-W2 7.4.0 through 7.4.4, FortiAP-W2 7.2 all versions, FortiAP-W2 7.0 all versions allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiAP-U Affected: 7.0.0 , ≤ 7.0.5 (semver)
    Affected: 6.2.0 , ≤ 6.2.6 (semver)
        cpe:2.3:a:fortinet:fortiap-u:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-u:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-u:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-u:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-u:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-u:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-u:6.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-u:6.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-u:6.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-u:6.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-u:6.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-u:6.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-u:6.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiAP-W2 Affected: 7.4.0 , ≤ 7.4.4 (semver)
    Affected: 7.2.0 , ≤ 7.2.5 (semver)
    Affected: 7.0.0 , ≤ 7.0.8 (semver)
        cpe:2.3:a:fortinet:fortiap-w2:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap-w2:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiAP Affected: 7.6.0 , ≤ 7.6.2 (semver)
    Affected: 7.4.0 , ≤ 7.4.5 (semver)
    Affected: 7.2.0 , ≤ 7.2.6 (semver)
    Affected: 7.0.0 , ≤ 7.0.7 (semver)
    Affected: 6.4.3 , ≤ 6.4.9 (semver)
        cpe:2.3:a:fortinet:fortiap:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiap:6.4.3:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53680",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T03:58:25.615Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiap-u:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-u:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-u:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-u:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-u:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-u:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-u:6.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-u:6.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-u:6.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-u:6.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-u:6.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-u:6.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-u:6.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiAP-U",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.0.5",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.6",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiap-w2:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap-w2:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiAP-W2",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.4",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.5",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.8",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiap:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiap:6.4.3:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiAP",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.2",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.5",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.6",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.7",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.9",
                  "status": "affected",
                  "version": "6.4.3",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper neutralization of special elements used in an OS command (\"OS Command Injection\") vulnerability [CWE-78] vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versions, FortiAP 7.0 all versions, FortiAP 6.4 all versions, FortiAP-U 7.0.0 through 7.0.5, FortiAP-U 6.2 all versions, FortiAP-W2 7.4.0 through 7.4.4, FortiAP-W2 7.2 all versions, FortiAP-W2 7.0 all versions allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T12:51:10.047Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-131",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-131"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiAP-U version 7.0.6 or above\nUpgrade to FortiAP-W2 version 7.4.5 or above\nUpgrade to FortiAP version 7.6.3 or above\nUpgrade to FortiAP version 7.4.6 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-53680",
        "datePublished": "2026-05-12T16:54:15.555Z",
        "dateReserved": "2025-07-08T09:23:05.011Z",
        "dateUpdated": "2026-07-08T12:51:10.047Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-67604 (GCVE-0-2025-67604)

    Vulnerability from cvelistv5 – Published: 2026-05-12 16:54 – Updated: 2026-05-12 19:02
    VLAI
    Summary
    A use of potentially dangerous function vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions may allow an authenticated attacker to cause a system hang via multiple specially crafted HTTP requests causing crashes. This happens if internal locks are aligned, which is out of control of the attacker.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiAnalyzer Affected: 7.6.0 , ≤ 7.6.4 (semver)
    Affected: 7.4.0 , ≤ 7.4.8 (semver)
    Affected: 7.2.0 , ≤ 7.2.12 (semver)
    Affected: 7.0.0 , ≤ 7.0.16 (semver)
    Affected: 6.4.0 , ≤ 6.4.15 (semver)
        cpe:2.3:o:fortinet:fortianalyzer:7.6.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiManager Affected: 7.6.0 , ≤ 7.6.4 (semver)
    Affected: 7.4.0 , ≤ 7.4.8 (semver)
    Affected: 7.2.0 , ≤ 7.2.12 (semver)
    Affected: 7.0.0 , ≤ 7.0.16 (semver)
    Affected: 6.4.0 , ≤ 6.4.15 (semver)
        cpe:2.3:o:fortinet:fortimanager:7.6.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-67604",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T19:00:29.874258Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T19:02:05.842Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortianalyzer:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiAnalyzer",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.4",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.8",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.12",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.16",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.15",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortimanager:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiManager",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.4",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.8",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.12",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.16",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.15",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A use of potentially dangerous function vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions may allow an authenticated attacker to cause a system hang via multiple specially crafted HTTP requests causing crashes. This happens if internal locks are aligned, which is out of control of the attacker."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-676",
                  "description": "Denial of service",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T16:54:11.929Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-137",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-137"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiAnalyzer version 8.0.0 or above\nUpgrade to FortiAnalyzer version 7.6.5 or above\nUpgrade to FortiAnalyzer version 7.4.9 or above\nUpgrade to FortiWeb version 8.0.3 or above\nUpgrade to FortiWeb version 7.6.7 or above\nUpgrade to FortiManager version 8.0.0 or above\nUpgrade to FortiManager version 7.6.5 or above\nUpgrade to FortiManager version 7.4.9 or above\nUpgrade to upcoming  FortiVoice version 8.0.0 or above\nUpgrade to upcoming  FortiVoice version 7.4.2 or above\nUpgrade to upcoming  FortiSandbox version 5.2.0 or above\nUpgrade to FortiSandbox version 5.0.6 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-67604",
        "datePublished": "2026-05-12T16:54:11.929Z",
        "dateReserved": "2025-12-09T14:59:55.699Z",
        "dateUpdated": "2026-05-12T19:02:05.842Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-53681 (GCVE-0-2025-53681)

    Vulnerability from cvelistv5 – Published: 2026-05-12 16:54 – Updated: 2026-07-08 12:48
    VLAI
    Summary
    An improper neutralization of special elements used in an SQL Command ("SQL Injection&") vulnerability [CWE-89] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through 7.4.5, FortiMail 7.2.0 through 7.2.8 allows an authenticated privileged attacker to execute unauthorized code or commands via specifically crafted HTTP or HTTPS requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiMail Affected: 7.6.0 , ≤ 7.6.3 (semver)
    Affected: 7.4.0 , ≤ 7.4.5 (semver)
    Affected: 7.2.0 , ≤ 7.2.8 (semver)
        cpe:2.3:a:fortinet:fortimail:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53681",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T03:58:26.763Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortimail:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiMail",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.3",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.5",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.8",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper neutralization of special elements used in an SQL Command (\"SQL Injection\u0026\") vulnerability [CWE-89] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through 7.4.5, FortiMail 7.2.0 through 7.2.8 allows an authenticated privileged attacker to execute unauthorized code or commands via specifically crafted HTTP or HTTPS requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T12:48:43.347Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-132",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-132"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiMail version 7.6.4 or above\nUpgrade to FortiMail version 7.4.6 or above\nUpgrade to FortiMail version 7.2.9 or above\nFortinet remediated this issue in FortiMail Cloud version 25.2 and hence customers do not need to perform any action."
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-53681",
        "datePublished": "2026-05-12T16:54:11.052Z",
        "dateReserved": "2025-07-08T09:23:05.011Z",
        "dateUpdated": "2026-07-08T12:48:43.347Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-25690 (GCVE-0-2026-25690)

    Vulnerability from cvelistv5 – Published: 2026-05-12 16:54 – Updated: 2026-07-08 12:51
    VLAI
    Summary
    An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDeceptor 6.0.0 through 6.0.2, FortiDeceptor 5.3.0 through 5.3.3, FortiDeceptor 5.2.0 through 5.2.1, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions may allow an authenticated attacker with at least read-only admin permission to read log files via HTTP crafted requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-88 - Information disclosure
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiDeceptor Affected: 6.0.0 , ≤ 6.0.2 (semver)
    Affected: 5.3.0 , ≤ 5.3.3 (semver)
    Affected: 5.2.0 , ≤ 5.2.1 (semver)
    Affected: 5.1.0
    Affected: 5.0.0
        cpe:2.3:a:fortinet:fortideceptor:6.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortideceptor:6.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortideceptor:6.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortideceptor:5.3.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortideceptor:5.3.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortideceptor:5.3.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortideceptor:5.3.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortideceptor:5.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortideceptor:5.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortideceptor:5.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortideceptor:5.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-25690",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T19:00:14.405140Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T19:02:21.579Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortideceptor:6.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortideceptor:6.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortideceptor:6.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortideceptor:5.3.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortideceptor:5.3.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortideceptor:5.3.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortideceptor:5.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortideceptor:5.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortideceptor:5.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortideceptor:5.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortideceptor:5.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiDeceptor",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "6.0.2",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.3.3",
                  "status": "affected",
                  "version": "5.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.2.1",
                  "status": "affected",
                  "version": "5.2.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.0.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper neutralization of argument delimiters in a command (\u0027argument injection\u0027) vulnerability in Fortinet FortiDeceptor 6.0.0 through 6.0.2, FortiDeceptor 5.3.0 through 5.3.3, FortiDeceptor 5.2.0 through 5.2.1, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions may allow an authenticated attacker with at least read-only admin permission to read log files via HTTP crafted requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-88",
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T12:51:17.936Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-138",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-138"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to upcoming  FortiDeceptor version 6.3.0 or above\nUpgrade to FortiDeceptor version 6.1.0 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-25690",
        "datePublished": "2026-05-12T16:54:10.546Z",
        "dateReserved": "2026-02-05T08:56:55.794Z",
        "dateUpdated": "2026-07-08T12:51:17.936Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-53844 (GCVE-0-2025-53844)

    Vulnerability from cvelistv5 – Published: 2026-05-12 16:54 – Updated: 2026-07-14 12:43
    VLAI
    Summary
    A out-of-bounds write vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11 allows attacker to execute unauthorized code or commands via specially crafted packets.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-787 - Execute unauthorized code or commands
    Assigner
    Impacted products
    Vendor Product Version
    Fortinet FortiOS Affected: 7.6.0 , ≤ 7.6.3 (semver)
    Affected: 7.4.0 , ≤ 7.4.8 (semver)
    Affected: 7.2.0 , ≤ 7.2.11 (semver)
    Affected: 7.0.0 , ≤ 7.0.17 (semver)
    Affected: 6.4.0 , ≤ 6.4.16 (semver)
    Affected: 6.2.0 , ≤ 6.2.17 (semver)
    Affected: 6.0.0 , ≤ 6.0.18 (semver)
        cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.17:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.18:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.17:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Siemens RUGGEDCOM APE1808 Affected: 0 , < * (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53844",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T03:58:28.011Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM APE1808",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T12:43:34.237Z",
              "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
              "shortName": "siemens-SADP"
            },
            "references": [
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-864900.html"
              }
            ],
            "x_adpType": "supplier"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.18:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiOS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.3",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.8",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.11",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.17",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.16",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.17",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.0.18",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A out-of-bounds write vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11 allows attacker to execute unauthorized code or commands via specially crafted packets."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T12:54:35.692Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-123",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-123"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiOS version 7.6.4 or above\nUpgrade to FortiOS version 7.4.9 or above\nUpgrade to FortiOS version 7.2.12 or above\nUpgrade to FortiOS version 7.0.18 or above\nFortinet remediated this issue in FortiSASE version 25.3.a and hence customers do not need to perform any action.\nUpgrade to FortiSwitchManager version 7.2.7 or above\nUpgrade to FortiSwitchManager version 7.0.6 or above\nFortinet remediated this issue in FortiEdgeCloud version 25.3 and hence customers do not need to perform any action."
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-53844",
        "datePublished": "2026-05-12T16:54:10.126Z",
        "dateReserved": "2025-07-10T08:53:33.015Z",
        "dateUpdated": "2026-07-14T12:43:34.237Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44279 (GCVE-0-2026-44279)

    Vulnerability from cvelistv5 – Published: 2026-05-12 16:54 – Updated: 2026-06-26 08:23
    VLAI
    Summary
    An improper export of android application components vulnerability in Fortinet FortiTokenAndroid 6.2 all versions, FortiTokenAndroid 6.1 all versions, FortiTokenAndroid 5.2 all versions may allow attacker to disclose information via an exported Content Provider URI.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-926 - Improper access control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiTokenAndroid Affected: 6.2.0
    Affected: 6.1.0
    Affected: 5.2.0 , ≤ 5.2.2 (semver)
        cpe:2.3:a:fortinet:fortitokenandroid:6.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortitokenandroid:6.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortitokenandroid:5.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortitokenandroid:5.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortitokenandroid:5.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44279",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T18:59:55.342232Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T19:02:36.321Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortitokenandroid:6.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortitokenandroid:6.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortitokenandroid:5.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortitokenandroid:5.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortitokenandroid:5.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiTokenAndroid",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.2.0"
                },
                {
                  "status": "affected",
                  "version": "6.1.0"
                },
                {
                  "lessThanOrEqual": "5.2.2",
                  "status": "affected",
                  "version": "5.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper export of android application components vulnerability in Fortinet FortiTokenAndroid 6.2 all versions, FortiTokenAndroid 6.1 all versions, FortiTokenAndroid 5.2 all versions may allow attacker to disclose information via an exported Content Provider URI."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-926",
                  "description": "Improper access control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T08:23:24.786Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-130",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-130"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiTokenAndroid version 6.4.0 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-44279",
        "datePublished": "2026-05-12T16:54:09.625Z",
        "dateReserved": "2026-05-05T17:24:18.895Z",
        "dateUpdated": "2026-06-26T08:23:24.786Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44278 (GCVE-0-2026-44278)

    Vulnerability from cvelistv5 – Published: 2026-05-12 16:54 – Updated: 2026-05-14 15:28
    VLAI
    Summary
    A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.2, FortiClientWindows 7.2 all versions may allow attacker to information disclosure via <insert attack vector here>
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiClientWindows Affected: 7.4.0 , ≤ 7.4.2 (semver)
    Affected: 7.2.0 , ≤ 7.2.14 (semver)
        cpe:2.3:a:fortinet:forticlientwindows:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientwindows:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientwindows:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientwindows:7.2.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientwindows:7.2.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientwindows:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientwindows:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientwindows:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientwindows:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientwindows:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientwindows:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientwindows:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientwindows:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientwindows:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientwindows:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientwindows:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientwindows:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticlientwindows:7.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44278",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T18:59:50.445107Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T19:02:43.679Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:forticlientwindows:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientwindows:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientwindows:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientwindows:7.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientwindows:7.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientwindows:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientwindows:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientwindows:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientwindows:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientwindows:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientwindows:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientwindows:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientwindows:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientwindows:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientwindows:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientwindows:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientwindows:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticlientwindows:7.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiClientWindows",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.2",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.14",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.2, FortiClientWindows 7.2 all versions may allow attacker to information disclosure via \u003cinsert attack vector here\u003e"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-321",
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-14T15:28:56.927Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-129",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-129"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiClientWindows version 7.4.3 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-44278",
        "datePublished": "2026-05-12T16:54:09.226Z",
        "dateReserved": "2026-05-05T17:24:17.727Z",
        "dateUpdated": "2026-05-14T15:28:56.927Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-25088 (GCVE-0-2026-25088)

    Vulnerability from cvelistv5 – Published: 2026-05-12 16:54 – Updated: 2026-07-08 12:48
    VLAI
    Summary
    An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiNDR 7.6.0 through 7.6.2, FortiNDR 7.4.0 through 7.4.9, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiNDR Affected: 7.6.0 , ≤ 7.6.2 (semver)
    Affected: 7.4.0 , ≤ 7.4.9 (semver)
    Affected: 7.2.0 , ≤ 7.2.5 (semver)
    Affected: 7.1.0 , ≤ 7.1.1 (semver)
    Affected: 7.0.0 , ≤ 7.0.7 (semver)
        cpe:2.3:a:fortinet:fortindr:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.1.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-25088",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T18:59:39.373512Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T19:02:51.082Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortindr:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiNDR",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.2",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.9",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.5",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.1.1",
                  "status": "affected",
                  "version": "7.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.7",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper neutralization of special elements used in an sql command (\u0027sql injection\u0027) vulnerability in Fortinet FortiNDR 7.6.0 through 7.6.2, FortiNDR 7.4.0 through 7.4.9, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions may allow an authenticated attacker to execute unauthorized code or commands via  specifically crafted HTTP requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:X",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T12:48:55.661Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-134",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-134"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiNDR version 7.6.3 or above\nUpgrade to FortiNDR version 7.4.10 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-25088",
        "datePublished": "2026-05-12T16:54:07.352Z",
        "dateReserved": "2026-01-29T09:27:29.820Z",
        "dateUpdated": "2026-07-08T12:48:55.661Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44277 (GCVE-0-2026-44277)

    Vulnerability from cvelistv5 – Published: 2026-05-12 16:54 – Updated: 2026-05-28 09:30
    VLAI
    Summary
    A improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow attacker to execute unauthorized code or commands via crafted requests.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiAuthenticator Affected: 8.0.2
    Affected: 8.0.0
    Affected: 6.6.0 , ≤ 6.6.8 (semver)
    Affected: 6.5.0 , ≤ 6.5.6 (semver)
    Affected: 6.4.0 , ≤ 6.4.10 (semver)
        cpe:2.3:a:fortinet:fortiauthenticator:8.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:8.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.6.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.6.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.6.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.6.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.6.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.6.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.6.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.5.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.5.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.5.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.5.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.5.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.5.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.5.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiauthenticator:6.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44277",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T18:59:33.244531Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T19:02:58.505Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiauthenticator:8.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:8.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.6.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.6.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.6.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.6.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.5.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.5.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.5.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.5.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.5.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.5.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiauthenticator:6.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiAuthenticator",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.0.2"
                },
                {
                  "status": "affected",
                  "version": "8.0.0"
                },
                {
                  "lessThanOrEqual": "6.6.8",
                  "status": "affected",
                  "version": "6.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.5.6",
                  "status": "affected",
                  "version": "6.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.10",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow attacker to execute unauthorized code or commands via crafted requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-28T09:30:16.137Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-128",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-128"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiAuthenticator version 8.0.3 or above\nUpgrade to FortiAuthenticator version 8.0.1 or above\nUpgrade to FortiAuthenticator version 6.6.9 or above\nUpgrade to FortiAuthenticator version 6.5.7 or above\nUpgrade to FortiAuthenticator version 6.4.11 or above\nUpgrade to FortiAuthenticator version 6.3.5 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-44277",
        "datePublished": "2026-05-12T16:54:05.024Z",
        "dateReserved": "2026-05-05T17:24:16.702Z",
        "dateUpdated": "2026-05-28T09:30:16.137Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-26083 (GCVE-0-2026-26083)

    Vulnerability from cvelistv5 – Published: 2026-05-12 16:54 – Updated: 2026-07-08 12:50
    VLAI
    Summary
    A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud 5.0.2 through 5.0.5, FortiSandbox PaaS 23.4 all versions, FortiSandbox PaaS 23.3 all versions, FortiSandbox PaaS 23.1 all versions, FortiSandbox PaaS 22.2 all versions, FortiSandbox PaaS 22.1 all versions, FortiSandbox PaaS 21.4 all versions, FortiSandbox PaaS 21.3 all versions, FortiSandbox PaaS 5.0.0 through 5.0.1, FortiSandbox PaaS 4.4.5 through 4.4.8 may allow an unauthenticated attacker to execute unauthorized code or commands via HTTP requests.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-862 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiSandbox Affected: 5.0.0 , ≤ 5.0.1 (semver)
    Affected: 4.4.0 , ≤ 4.4.8 (semver)
    Affected: 4.2.1 , ≤ 4.2.8 (semver)
        cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandbox:4.2.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiSandbox PaaS Affected: 23.4.4374
    Affected: 23.4.4350
    Affected: 23.3.4329
    Affected: 23.1.4245
    Affected: 22.2.4151
    Affected: 22.2.4134
    Affected: 22.1.4113
    Affected: 21.4.4072
    Affected: 21.3.4055
    Affected: 5.0.0 , ≤ 5.0.1 (semver)
    Affected: 4.4.5 , ≤ 4.4.8 (semver)
        cpe:2.3:a:fortinet:fortisandboxpaas:23.4.4374:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxpaas:23.4.4350:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxpaas:23.3.4329:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxpaas:23.1.4245:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxpaas:22.2.4151:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxpaas:22.2.4134:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxpaas:22.1.4113:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxpaas:21.4.4072:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxpaas:21.3.4055:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxpaas:5.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxpaas:5.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxpaas:4.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxpaas:4.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxpaas:4.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxpaas:4.4.5:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiSandbox Cloud Affected: 5.0.0 , ≤ 5.0.1 (semver)
    Affected: 4.4.5 , ≤ 4.4.8 (semver)
        cpe:2.3:a:fortinet:fortisandboxcloud:5.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxcloud:5.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxcloud:4.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxcloud:4.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxcloud:4.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortisandboxcloud:4.4.5:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-26083",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T03:58:29.159Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandbox:4.2.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiSandbox",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.1",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.4.8",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.2.8",
                  "status": "affected",
                  "version": "4.2.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortisandboxpaas:23.4.4374:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxpaas:23.4.4350:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxpaas:23.3.4329:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxpaas:23.1.4245:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxpaas:22.2.4151:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxpaas:22.2.4134:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxpaas:22.1.4113:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxpaas:21.4.4072:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxpaas:21.3.4055:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxpaas:5.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxpaas:5.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxpaas:4.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxpaas:4.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxpaas:4.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxpaas:4.4.5:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiSandbox PaaS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "23.4.4374"
                },
                {
                  "status": "affected",
                  "version": "23.4.4350"
                },
                {
                  "status": "affected",
                  "version": "23.3.4329"
                },
                {
                  "status": "affected",
                  "version": "23.1.4245"
                },
                {
                  "status": "affected",
                  "version": "22.2.4151"
                },
                {
                  "status": "affected",
                  "version": "22.2.4134"
                },
                {
                  "status": "affected",
                  "version": "22.1.4113"
                },
                {
                  "status": "affected",
                  "version": "21.4.4072"
                },
                {
                  "status": "affected",
                  "version": "21.3.4055"
                },
                {
                  "lessThanOrEqual": "5.0.1",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.4.8",
                  "status": "affected",
                  "version": "4.4.5",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortisandboxcloud:5.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxcloud:5.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxcloud:4.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxcloud:4.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxcloud:4.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortisandboxcloud:4.4.5:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiSandbox Cloud",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.1",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "4.4.8",
                  "status": "affected",
                  "version": "4.4.5",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud 5.0.2 through 5.0.5, FortiSandbox PaaS 23.4 all versions, FortiSandbox PaaS 23.3 all versions, FortiSandbox PaaS 23.1 all versions, FortiSandbox PaaS 22.2 all versions, FortiSandbox PaaS 22.1 all versions, FortiSandbox PaaS 21.4 all versions, FortiSandbox PaaS 21.3 all versions, FortiSandbox PaaS 5.0.0 through 5.0.1, FortiSandbox PaaS 4.4.5 through 4.4.8 may allow an unauthenticated attacker to execute unauthorized code or commands via HTTP requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T12:50:53.631Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-136",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-136"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Fortinet remediated this issue in FortiSandbox Cloud version 5.0.2 and hence customers do not need to perform any action.\nFortinet remediated this issue in FortiSandbox Cloud version 4.4.9 and hence customers do not need to perform any action.\nUpgrade to FortiSandbox version 5.0.2 or above\nUpgrade to FortiSandbox version 4.4.9 or above\nUpgrade to FortiSandbox PaaS version 5.0.2 or above\nUpgrade to FortiSandbox PaaS version 4.4.9 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-26083",
        "datePublished": "2026-05-12T16:54:04.923Z",
        "dateReserved": "2026-02-11T09:32:22.258Z",
        "dateUpdated": "2026-07-08T12:50:53.631Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-40688 (GCVE-0-2026-40688)

    Vulnerability from cvelistv5 – Published: 2026-04-14 22:35 – Updated: 2026-04-16 03:55
    VLAI
    Summary
    An out-of-bounds write vulnerability [CWE-787] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow a remote privileged attacker to execute arbitrary code or command via crafted HTTP requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-787 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiWeb Affected: 8.0.0 , ≤ 8.0.3 (semver)
    Affected: 7.6.0 , ≤ 7.6.6 (semver)
    Affected: 7.4.0 , ≤ 7.4.11 (semver)
        cpe:2.3:a:fortinet:fortiweb:8.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:8.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:8.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:8.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.6.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.6.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.6.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.4.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.4.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.4.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40688",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-15T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-16T03:55:18.342Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiweb:8.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:8.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:8.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:8.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiWeb",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "8.0.3",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.6.6",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.11",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds write vulnerability [CWE-787] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow a remote privileged attacker to execute arbitrary code or command via crafted HTTP requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-15T08:53:24.743Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-127",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-127"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiWeb version 8.0.4 or above\nUpgrade to FortiWeb version 7.6.7 or above\nUpgrade to FortiWeb version 7.4.12 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-40688",
        "datePublished": "2026-04-14T22:35:15.438Z",
        "dateReserved": "2026-04-14T22:32:07.399Z",
        "dateUpdated": "2026-04-16T03:55:18.342Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-61624 (GCVE-0-2025-61624)

    Vulnerability from cvelistv5 – Published: 2026-04-14 15:39 – Updated: 2026-05-12 12:08
    VLAI
    Summary
    An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [CWE-22] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.7.0, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.11, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiSwitchManager 7.2.0 through 7.2.7, FortiSwitchManager 7.0.0 through 7.0.6 may allow an authenticated attacker with admin profile and at least read-write permissions to write or delete arbitrary files via specific CLI commands.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Escalation of privilege
    Assigner
    Impacted products
    Vendor Product Version
    Fortinet FortiOS Affected: 7.6.0 , ≤ 7.6.4 (semver)
    Affected: 7.4.0 , ≤ 7.4.9 (semver)
    Affected: 7.2.0 , ≤ 7.2.13 (semver)
    Affected: 7.0.0 , ≤ 7.0.19 (semver)
    Affected: 6.4.0 , ≤ 6.4.16 (semver)
        cpe:2.3:o:fortinet:fortios:7.6.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiProxy Affected: 7.6.0 , ≤ 7.6.4 (semver)
    Affected: 7.4.0 , ≤ 7.4.11 (semver)
    Affected: 7.2.0 , ≤ 7.2.16 (semver)
    Affected: 7.0.0 , ≤ 7.0.23 (semver)
        cpe:2.3:a:fortinet:fortiproxy:7.6.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.16:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.15:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiSwitchManager Affected: 7.2.0 , ≤ 7.2.7 (semver)
    Affected: 7.0.0 , ≤ 7.0.6 (semver)
        cpe:2.3:a:fortinet:fortiswitchmanager:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiswitchmanager:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiPAM Affected: 1.7.0
    Affected: 1.6.0 , ≤ 1.6.2 (semver)
    Affected: 1.5.0 , ≤ 1.5.1 (semver)
    Affected: 1.4.0 , ≤ 1.4.3 (semver)
    Affected: 1.3.0 , ≤ 1.3.1 (semver)
    Affected: 1.2.0
    Affected: 1.1.0 , ≤ 1.1.2 (semver)
    Affected: 1.0.0 , ≤ 1.0.3 (semver)
        cpe:2.3:o:fortinet:fortipam:1.7.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Siemens RUGGEDCOM APE1808 Affected: 0 , < * (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-61624",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-14T16:16:14.420673Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-14T16:46:14.073Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM APE1808",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T12:08:31.410Z",
              "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
              "shortName": "siemens-SADP"
            },
            "references": [
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-975644.html"
              }
            ],
            "x_adpType": "supplier"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortios:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiOS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.4",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.9",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.13",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.19",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.16",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiproxy:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.16:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.15:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiProxy",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.4",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.11",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.16",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.23",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiswitchmanager:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiSwitchManager",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.2.7",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.6",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortipam:1.7.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiPAM",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.7.0"
                },
                {
                  "lessThanOrEqual": "1.6.2",
                  "status": "affected",
                  "version": "1.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.5.1",
                  "status": "affected",
                  "version": "1.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.4.3",
                  "status": "affected",
                  "version": "1.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.3.1",
                  "status": "affected",
                  "version": "1.3.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "1.2.0"
                },
                {
                  "lessThanOrEqual": "1.1.2",
                  "status": "affected",
                  "version": "1.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.0.3",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) [CWE-22] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.7.0, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.11, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiSwitchManager 7.2.0 through 7.2.7, FortiSwitchManager 7.0.0 through 7.0.6 may allow an authenticated attacker with admin profile and at least read-write permissions to write or delete arbitrary files via specific CLI commands."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Escalation of privilege",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-14T15:39:51.445Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-122",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-122"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to upcoming  FortiOS version 8.0.0 or above\nUpgrade to FortiOS version 7.6.5 or above\nUpgrade to FortiOS version 7.4.10 or above\nUpgrade to FortiProxy version 7.6.5 or above\nUpgrade to FortiProxy version 7.4.12 or above\nUpgrade to FortiPAM version 1.8.0 or above\nUpgrade to FortiPAM version 1.7.1 or above\nFortinet remediated this issue in FortiSASE version 25.4.b and hence customers do not need to perform any action.\nUpgrade to upcoming  FortiSwitch version 8.0.0 or above\nUpgrade to FortiSwitch version 7.6.5 or above\nUpgrade to FortiSwitch version 7.4.9 or above\nUpgrade to FortiSwitchManager version 7.2.8 or above\nUpgrade to FortiSwitchManager version 7.0.7 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-61624",
        "datePublished": "2026-04-14T15:39:51.445Z",
        "dateReserved": "2025-09-29T07:36:48.603Z",
        "dateUpdated": "2026-05-12T12:08:31.410Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-68649 (GCVE-0-2025-68649)

    Vulnerability from cvelistv5 – Published: 2026-04-14 15:39 – Updated: 2026-04-14 16:46
    VLAI
    Summary
    An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.7, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4.0 through 7.4.7, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions may allow a privileged attacker to delete files from the underlying filesystem via crafted CLI requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Escalation of privilege
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiManager Cloud Affected: 7.6.2 , ≤ 7.6.4 (semver)
    Affected: 7.4.1 , ≤ 7.4.7 (semver)
    Affected: 7.2.1 , ≤ 7.2.12 (semver)
    Affected: 7.0.1 , ≤ 7.0.16 (semver)
        cpe:2.3:a:fortinet:fortimanagercloud:7.6.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimanagercloud:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimanagercloud:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimanagercloud:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimanagercloud:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimanagercloud:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimanagercloud:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimanagercloud:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimanagercloud:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimanagercloud:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimanagercloud:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimanagercloud:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimanagercloud:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimanagercloud:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimanagercloud:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimanagercloud:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimanagercloud:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimanagercloud:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimanagercloud:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimanagercloud:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimanagercloud:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimanagercloud:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimanagercloud:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimanagercloud:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimanagercloud:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimanagercloud:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimanagercloud:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimanagercloud:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimanagercloud:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimanagercloud:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimanagercloud:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimanagercloud:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimanagercloud:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimanagercloud:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimanagercloud:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimanagercloud:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimanagercloud:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimanagercloud:7.0.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiManager Affected: 7.6.0 , ≤ 7.6.4 (semver)
    Affected: 7.4.0 , ≤ 7.4.7 (semver)
    Affected: 7.2.0 , ≤ 7.2.12 (semver)
    Affected: 7.0.0 , ≤ 7.0.16 (semver)
        cpe:2.3:o:fortinet:fortimanager:7.6.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiAnalyzer Affected: 7.6.0 , ≤ 7.6.4 (semver)
    Affected: 7.4.0 , ≤ 7.4.7 (semver)
    Affected: 7.2.0 , ≤ 7.2.12 (semver)
    Affected: 7.0.0 , ≤ 7.0.16 (semver)
        cpe:2.3:o:fortinet:fortianalyzer:7.6.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiAnalyzer Cloud Affected: 7.6.2
    Affected: 7.4.1 , ≤ 7.4.7 (semver)
    Affected: 7.2.1 , ≤ 7.2.12 (semver)
    Affected: 7.0.1 , ≤ 7.0.16 (semver)
        cpe:2.3:a:fortinet:fortianalyzercloud:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzercloud:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzercloud:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzercloud:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzercloud:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzercloud:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzercloud:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzercloud:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzercloud:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzercloud:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzercloud:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzercloud:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzercloud:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzercloud:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzercloud:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzercloud:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzercloud:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzercloud:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzercloud:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzercloud:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzercloud:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzercloud:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzercloud:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzercloud:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzercloud:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzercloud:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzercloud:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzercloud:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzercloud:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzercloud:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzercloud:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzercloud:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzercloud:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzercloud:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzercloud:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortianalyzercloud:7.0.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-68649",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-14T16:16:05.364770Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-14T16:46:14.224Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortimanagercloud:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimanagercloud:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimanagercloud:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimanagercloud:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimanagercloud:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimanagercloud:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimanagercloud:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimanagercloud:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimanagercloud:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimanagercloud:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimanagercloud:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimanagercloud:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimanagercloud:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimanagercloud:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimanagercloud:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimanagercloud:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimanagercloud:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimanagercloud:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimanagercloud:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimanagercloud:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimanagercloud:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimanagercloud:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimanagercloud:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimanagercloud:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimanagercloud:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimanagercloud:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimanagercloud:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimanagercloud:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimanagercloud:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimanagercloud:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimanagercloud:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimanagercloud:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimanagercloud:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimanagercloud:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimanagercloud:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimanagercloud:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimanagercloud:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimanagercloud:7.0.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiManager Cloud",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.4",
                  "status": "affected",
                  "version": "7.6.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.7",
                  "status": "affected",
                  "version": "7.4.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.12",
                  "status": "affected",
                  "version": "7.2.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.16",
                  "status": "affected",
                  "version": "7.0.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortimanager:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiManager",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.4",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.7",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.12",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.16",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortianalyzer:7.6.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiAnalyzer",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.4",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.7",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.12",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.16",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortianalyzercloud:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzercloud:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzercloud:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzercloud:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzercloud:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzercloud:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzercloud:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzercloud:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzercloud:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzercloud:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzercloud:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzercloud:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzercloud:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzercloud:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzercloud:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzercloud:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzercloud:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzercloud:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzercloud:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzercloud:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzercloud:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzercloud:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzercloud:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzercloud:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzercloud:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzercloud:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzercloud:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzercloud:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzercloud:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzercloud:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzercloud:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzercloud:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzercloud:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzercloud:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzercloud:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortianalyzercloud:7.0.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiAnalyzer Cloud",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.6.2"
                },
                {
                  "lessThanOrEqual": "7.4.7",
                  "status": "affected",
                  "version": "7.4.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.12",
                  "status": "affected",
                  "version": "7.2.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.16",
                  "status": "affected",
                  "version": "7.0.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper limitation of a pathname to a restricted directory (\u0027path traversal\u0027) vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.7, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4.0 through 7.4.7, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions may allow a privileged attacker to delete files from the underlying filesystem via crafted CLI requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Escalation of privilege",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-14T15:39:46.446Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-120",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-120"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiManager Cloud version 7.6.5 or above\nUpgrade to FortiManager Cloud version 7.4.8 or above\nUpgrade to FortiManager version 7.6.5 or above\nUpgrade to FortiManager version 7.4.8 or above\nUpgrade to FortiAnalyzer version 7.6.5 or above\nUpgrade to FortiAnalyzer version 7.4.8 or above\nUpgrade to FortiAnalyzer Cloud version 7.6.5 or above\nUpgrade to FortiAnalyzer Cloud version 7.4.8 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-68649",
        "datePublished": "2026-04-14T15:39:46.446Z",
        "dateReserved": "2025-12-22T07:42:48.338Z",
        "dateUpdated": "2026-04-14T16:46:14.224Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21741 (GCVE-0-2026-21741)

    Vulnerability from cvelistv5 – Published: 2026-04-14 15:39 – Updated: 2026-04-14 16:15
    VLAI
    Summary
    An URL Redirection to Untrusted Site ('Open Redirect') vulnerability [CWE-601] vulnerability in Fortinet FortiNAC-F 7.6.0 through 7.6.5, FortiNAC-F 7.4 all versions, FortiNAC-F 7.2 all versions may allow a remote privileged attacker with system administrator role to redirect users to an arbitrary website via crafted CSV file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiNAC-F Affected: 7.6.0 , ≤ 7.6.5 (semver)
    Affected: 7.4.0 , ≤ 7.4.3 (semver)
    Affected: 7.2.0 , ≤ 7.2.9 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-21741",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-14T16:15:45.406424Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-14T16:15:52.069Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiNAC-F",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.5",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.3",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.9",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An URL Redirection to Untrusted Site (\u0027Open Redirect\u0027) vulnerability [CWE-601] vulnerability in Fortinet FortiNAC-F 7.6.0 through 7.6.5, FortiNAC-F 7.4 all versions, FortiNAC-F 7.2 all versions may allow a remote privileged attacker with system administrator role to redirect users to an arbitrary website via crafted CSV file."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 2.2,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-14T15:39:45.334Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-118",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-118"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to upcoming  FortiNAC-F version 7.6.6 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2026-21741",
        "datePublished": "2026-04-14T15:39:45.334Z",
        "dateReserved": "2026-01-05T14:17:53.224Z",
        "dateUpdated": "2026-04-14T16:15:52.069Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }