Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-22153 (GCVE-0-2026-22153)
Vulnerability from cvelistv5 – Published: 2026-02-10 15:39 – Updated: 2026-02-26 15:04
VLAI
EPSS
Summary
An Authentication Bypass by Primary Weakness vulnerability [CWE-305] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4 may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, when the remote LDAP server is configured in a specific way.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-305 - Improper access control
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiOS |
Affected:
7.6.0 , ≤ 7.6.4
(semver)
cpe:2.3:o:fortinet:fortios:7.6.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22153",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-11T04:56:21.036753Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:11.526Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:fortinet:fortios:7.6.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiOS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.4",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Authentication Bypass by Primary Weakness vulnerability [CWE-305] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4 may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, when the remote LDAP server is configured in a specific way."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T15:39:12.214Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-1052",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-1052"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to upcoming FortiOS version 8.0.0 or above\nUpgrade to FortiOS version 7.6.5 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2026-22153",
"datePublished": "2026-02-10T15:39:12.214Z",
"dateReserved": "2026-01-06T15:01:17.446Z",
"dateUpdated": "2026-02-26T15:04:11.526Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-22153",
"date": "2026-06-17",
"epss": "0.00698",
"percentile": "0.48164"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-22153\",\"sourceIdentifier\":\"psirt@fortinet.com\",\"published\":\"2026-02-10T16:16:11.050\",\"lastModified\":\"2026-02-12T16:03:10.500\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An Authentication Bypass by Primary Weakness vulnerability [CWE-305] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4 may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, when the remote LDAP server is configured in a specific way.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-305\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.6.0\",\"versionEndExcluding\":\"7.6.5\",\"matchCriteriaId\":\"26DF2CCC-782C-4AE8-8CDE-13FFEE8676E6\"}]}]}],\"references\":[{\"url\":\"https://fortiguard.fortinet.com/psirt/FG-IR-25-1052\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-22153\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-11T04:56:21.036753Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-25T15:55:04.748Z\"}}], \"cna\": {\"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"cpes\": [\"cpe:2.3:o:fortinet:fortios:7.6.4:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*\"], \"vendor\": \"Fortinet\", \"product\": \"FortiOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.6.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.6.4\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Upgrade to upcoming FortiOS version 8.0.0 or above\\nUpgrade to FortiOS version 7.6.5 or above\"}], \"references\": [{\"url\": \"https://fortiguard.fortinet.com/psirt/FG-IR-25-1052\", \"name\": \"https://fortiguard.fortinet.com/psirt/FG-IR-25-1052\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An Authentication Bypass by Primary Weakness vulnerability [CWE-305] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4 may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, when the remote LDAP server is configured in a specific way.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-305\", \"description\": \"Improper access control\"}]}], \"providerMetadata\": {\"orgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"shortName\": \"fortinet\", \"dateUpdated\": \"2026-02-10T15:39:12.214Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-22153\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-26T15:04:11.526Z\", \"dateReserved\": \"2026-01-06T15:01:17.446Z\", \"assignerOrgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"datePublished\": \"2026-02-10T15:39:12.214Z\", \"assignerShortName\": \"fortinet\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2026-AVI-0147
Vulnerability from certfr_avis - Published: 2026-02-11 - Updated: 2026-02-11
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiSandbox | FortiSandbox versions 5.0.x antérieures à 5.0.2 | ||
| Fortinet | FortiClient | FortiClientWindows versions 7.4.x antérieures à 7.4.5 | ||
| Fortinet | FortiClient | FortiClientWindows versions 7.x antérieures à 7.2.13 | ||
| Fortinet | FortiSandbox | FortiSandbox versions 4.x antérieures à 4.4.8 | ||
| Fortinet | FortiAuthenticator | FortiAuthenticator versions 6.3.x à 6.6.x antérieures à 6.6.7 | ||
| Fortinet | FortiOS | FortiOS versions 7.6.x antérieures à 7.6.5 avec FSSO TS Agent version 5.0 build 0324 | ||
| Fortinet | FortiOS | FortiOS versions 6.x à 7.x antérieures à 7.4.10 avec FSSO TS Agent version 5.0 build 0324 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiSandbox versions 5.0.x ant\u00e9rieures \u00e0 5.0.2",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions 7.x ant\u00e9rieures \u00e0 7.2.13",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions 4.x ant\u00e9rieures \u00e0 4.4.8",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAuthenticator versions 6.3.x \u00e0 6.6.x ant\u00e9rieures \u00e0 6.6.7",
"product": {
"name": "FortiAuthenticator",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.5 avec FSSO TS Agent version 5.0 build 0324",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 6.x \u00e0 7.x ant\u00e9rieures \u00e0 7.4.10 avec FSSO TS Agent version 5.0 build 0324",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-55018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55018"
},
{
"name": "CVE-2025-62439",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62439"
},
{
"name": "CVE-2026-21743",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21743"
},
{
"name": "CVE-2026-22153",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22153"
},
{
"name": "CVE-2025-68686",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68686"
},
{
"name": "CVE-2025-64157",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64157"
},
{
"name": "CVE-2025-52436",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52436"
},
{
"name": "CVE-2025-62676",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62676"
}
],
"initial_release_date": "2026-02-11T00:00:00",
"last_revision_date": "2026-02-11T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0147",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-02-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-795",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-795"
},
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-934",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-934"
},
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-1052",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-1052"
},
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-384",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-384"
},
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-093",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-093"
},
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-661",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-661"
},
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-528",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-528"
},
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-667",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-667"
}
]
}
CERTFR-2026-AVI-0147
Vulnerability from certfr_avis - Published: 2026-02-11 - Updated: 2026-02-11
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiSandbox | FortiSandbox versions 5.0.x antérieures à 5.0.2 | ||
| Fortinet | FortiClient | FortiClientWindows versions 7.4.x antérieures à 7.4.5 | ||
| Fortinet | FortiClient | FortiClientWindows versions 7.x antérieures à 7.2.13 | ||
| Fortinet | FortiSandbox | FortiSandbox versions 4.x antérieures à 4.4.8 | ||
| Fortinet | FortiAuthenticator | FortiAuthenticator versions 6.3.x à 6.6.x antérieures à 6.6.7 | ||
| Fortinet | FortiOS | FortiOS versions 7.6.x antérieures à 7.6.5 avec FSSO TS Agent version 5.0 build 0324 | ||
| Fortinet | FortiOS | FortiOS versions 6.x à 7.x antérieures à 7.4.10 avec FSSO TS Agent version 5.0 build 0324 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiSandbox versions 5.0.x ant\u00e9rieures \u00e0 5.0.2",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions 7.x ant\u00e9rieures \u00e0 7.2.13",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions 4.x ant\u00e9rieures \u00e0 4.4.8",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAuthenticator versions 6.3.x \u00e0 6.6.x ant\u00e9rieures \u00e0 6.6.7",
"product": {
"name": "FortiAuthenticator",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.5 avec FSSO TS Agent version 5.0 build 0324",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 6.x \u00e0 7.x ant\u00e9rieures \u00e0 7.4.10 avec FSSO TS Agent version 5.0 build 0324",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-55018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55018"
},
{
"name": "CVE-2025-62439",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62439"
},
{
"name": "CVE-2026-21743",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21743"
},
{
"name": "CVE-2026-22153",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22153"
},
{
"name": "CVE-2025-68686",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68686"
},
{
"name": "CVE-2025-64157",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64157"
},
{
"name": "CVE-2025-52436",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52436"
},
{
"name": "CVE-2025-62676",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62676"
}
],
"initial_release_date": "2026-02-11T00:00:00",
"last_revision_date": "2026-02-11T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0147",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-02-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-795",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-795"
},
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-934",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-934"
},
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-1052",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-1052"
},
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-384",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-384"
},
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-093",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-093"
},
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-661",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-661"
},
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-528",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-528"
},
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-667",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-667"
}
]
}
FKIE_CVE-2026-22153
Vulnerability from fkie_nvd - Published: 2026-02-10 16:16 - Updated: 2026-02-12 16:03
Severity
Summary
An Authentication Bypass by Primary Weakness vulnerability [CWE-305] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4 may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, when the remote LDAP server is configured in a specific way.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@fortinet.com | https://fortiguard.fortinet.com/psirt/FG-IR-25-1052 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26DF2CCC-782C-4AE8-8CDE-13FFEE8676E6",
"versionEndExcluding": "7.6.5",
"versionStartIncluding": "7.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Authentication Bypass by Primary Weakness vulnerability [CWE-305] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4 may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, when the remote LDAP server is configured in a specific way."
},
{
"lang": "es",
"value": "Una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n por debilidad primaria [CWE-305] en Fortinet FortiOS 7.6.0 hasta 7.6.4 podr\u00eda permitir a un atacante no autenticado omitir la autenticaci\u00f3n LDAP de la pol\u00edtica de VPN sin agente o FSSO, cuando el servidor LDAP remoto est\u00e1 configurado de una manera espec\u00edfica."
}
],
"id": "CVE-2026-22153",
"lastModified": "2026-02-12T16:03:10.500",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "psirt@fortinet.com",
"type": "Secondary"
}
]
},
"published": "2026-02-10T16:16:11.050",
"references": [
{
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-1052"
}
],
"sourceIdentifier": "psirt@fortinet.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-305"
}
],
"source": "psirt@fortinet.com",
"type": "Primary"
}
]
}
GHSA-P2R3-58QH-PHF8
Vulnerability from github – Published: 2026-02-10 18:30 – Updated: 2026-02-10 18:30
VLAI
Details
An Authentication Bypass by Primary Weakness vulnerability [CWE-305] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4 may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, when the remote LDAP server is configured in a specific way.
Severity
8.1 (High)
{
"affected": [],
"aliases": [
"CVE-2026-22153"
],
"database_specific": {
"cwe_ids": [
"CWE-305"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-10T16:16:11Z",
"severity": "HIGH"
},
"details": "An Authentication Bypass by Primary Weakness vulnerability [CWE-305] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4 may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, when the remote LDAP server is configured in a specific way.",
"id": "GHSA-p2r3-58qh-phf8",
"modified": "2026-02-10T18:30:39Z",
"published": "2026-02-10T18:30:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22153"
},
{
"type": "WEB",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-1052"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
NCSC-2026-0061
Vulnerability from csaf_ncscnl - Published: 2026-02-11 11:34 - Updated: 2026-02-11 11:34Summary
Kwetsbaarheden verholpen in Fortinet FortiOS
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Fortinet heeft kwetsbaarheden verholpen in FortiOS (Versies 7.0 tot 7.6.4, 7.4.0 tot 7.4.9, en 7.2.0 tot 7.2.11).
Interpretaties: De kwetsbaarheden omvatten een Authentication Bypass die ongeauthenticeerde aanvallers in staat stelt om LDAP-authenticatie te omzeilen voor Agentless VPN of FSSO-beleid, afhankelijk van specifieke configuraties van de LDAP-server. Daarnaast kunnen ongeauthenticeerde aanvallers gevoelige informatie blootleggen door patches te omzeilen via speciaal gemaakte HTTP-verzoeken. Er is ook een kwetsbaarheid die geauthenticeerde beheerders in staat stelt om ongeautoriseerde code uit te voeren via speciaal gemaakte configuraties, en een andere die geauthenticeerde gebruikers in staat stelt om FSSO-beleid configuraties te exploiteren voor ongeautoriseerde toegang tot beschermde netwerkbronnen. Beide kwetsbaarheden kunnen worden misbruikt via speciaal gemaakte verzoeken.
Oplossingen: Fortinet heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-134: Use of Externally-Controlled Format String
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-305: Authentication Bypass by Primary Weakness
CWE-940: Improper Verification of Source of a Communication Channel
A vulnerability in Fortinet FortiOS versions 7.6.0 to 7.6.4 allows unauthenticated attackers to bypass LDAP authentication for Agentless VPN or FSSO policy under specific LDAP server configurations.
8.1 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Fortinet / FortiOS
|
vers:unknown/* |
Fortinet FortiOS versions 7.6.0 to 7.6.1 and 7.4.0 to 7.4.6 have vulnerabilities allowing remote unauthenticated attackers to expose sensitive information by bypassing patches through crafted HTTP requests, contingent on prior compromises.
5.9 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Fortinet / FortiOS
|
vers:unknown/* |
A vulnerability in Fortinet FortiOS versions 7.0 to 7.6.4 allows authenticated admins to execute unauthorized code through specially crafted configurations due to an externally-controlled format string issue.
6.7 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Fortinet / FortiOS
|
vers:unknown/* |
Fortinet FortiOS versions 7.0 to 7.6.4 have vulnerabilities allowing authenticated users to exploit FSSO policy configurations for unauthorized access to network resources via crafted requests.
4.2 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Fortinet / FortiOS
|
vers:unknown/* |
References
8 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Fortinet heeft kwetsbaarheden verholpen in FortiOS (Versies 7.0 tot 7.6.4, 7.4.0 tot 7.4.9, en 7.2.0 tot 7.2.11).",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden omvatten een Authentication Bypass die ongeauthenticeerde aanvallers in staat stelt om LDAP-authenticatie te omzeilen voor Agentless VPN of FSSO-beleid, afhankelijk van specifieke configuraties van de LDAP-server. Daarnaast kunnen ongeauthenticeerde aanvallers gevoelige informatie blootleggen door patches te omzeilen via speciaal gemaakte HTTP-verzoeken. Er is ook een kwetsbaarheid die geauthenticeerde beheerders in staat stelt om ongeautoriseerde code uit te voeren via speciaal gemaakte configuraties, en een andere die geauthenticeerde gebruikers in staat stelt om FSSO-beleid configuraties te exploiteren voor ongeautoriseerde toegang tot beschermde netwerkbronnen. Beide kwetsbaarheden kunnen worden misbruikt via speciaal gemaakte verzoeken.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Fortinet heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Use of Externally-Controlled Format String",
"title": "CWE-134"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Authentication Bypass by Primary Weakness",
"title": "CWE-305"
},
{
"category": "general",
"text": "Improper Verification of Source of a Communication Channel",
"title": "CWE-940"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-1052"
},
{
"category": "external",
"summary": "Reference",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-384"
},
{
"category": "external",
"summary": "Reference",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-795"
},
{
"category": "external",
"summary": "Reference",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-934"
}
],
"title": "Kwetsbaarheden verholpen in Fortinet FortiOS",
"tracking": {
"current_release_date": "2026-02-11T11:34:50.888067Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0061",
"initial_release_date": "2026-02-11T11:34:50.888067Z",
"revision_history": [
{
"date": "2026-02-11T11:34:50.888067Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "FortiOS"
}
],
"category": "vendor",
"name": "Fortinet"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-22153",
"cwe": {
"id": "CWE-305",
"name": "Authentication Bypass by Primary Weakness"
},
"notes": [
{
"category": "other",
"text": "Authentication Bypass by Primary Weakness",
"title": "CWE-305"
},
{
"category": "description",
"text": "A vulnerability in Fortinet FortiOS versions 7.6.0 to 7.6.4 allows unauthenticated attackers to bypass LDAP authentication for Agentless VPN or FSSO policy under specific LDAP server configurations.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-22153 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-22153.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-22153"
},
{
"cve": "CVE-2025-68686",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "description",
"text": "Fortinet FortiOS versions 7.6.0 to 7.6.1 and 7.4.0 to 7.4.6 have vulnerabilities allowing remote unauthenticated attackers to expose sensitive information by bypassing patches through crafted HTTP requests, contingent on prior compromises.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-68686 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-68686.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2025-68686"
},
{
"cve": "CVE-2025-64157",
"cwe": {
"id": "CWE-134",
"name": "Use of Externally-Controlled Format String"
},
"notes": [
{
"category": "other",
"text": "Use of Externally-Controlled Format String",
"title": "CWE-134"
},
{
"category": "description",
"text": "A vulnerability in Fortinet FortiOS versions 7.0 to 7.6.4 allows authenticated admins to execute unauthorized code through specially crafted configurations due to an externally-controlled format string issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-64157 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-64157.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2025-64157"
},
{
"cve": "CVE-2025-62439",
"cwe": {
"id": "CWE-940",
"name": "Improper Verification of Source of a Communication Channel"
},
"notes": [
{
"category": "other",
"text": "Improper Verification of Source of a Communication Channel",
"title": "CWE-940"
},
{
"category": "description",
"text": "Fortinet FortiOS versions 7.0 to 7.6.4 have vulnerabilities allowing authenticated users to exploit FSSO policy configurations for unauthorized access to network resources via crafted requests.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-62439 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-62439.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2025-62439"
}
]
}
WID-SEC-W-2026-0387
Vulnerability from csaf_certbund - Published: 2026-02-10 23:00 - Updated: 2026-02-10 23:00Summary
Fortinet FortiOS: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: FortiOS ist ein gehärtetes Betriebssystem für FortiGate Plattformen.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Fortinet FortiOS ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder Code auszuführen.
Betroffene Betriebssysteme: - Sonstiges
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Fortinet FortiOS <7.4.7
Fortinet / FortiOS
|
<7.4.7 | ||
|
Fortinet FortiOS <7.2.11
Fortinet / FortiOS
|
<7.2.11 | ||
|
Fortinet FortiOS <7.4.9
Fortinet / FortiOS
|
<7.4.9 | ||
|
Fortinet FortiOS <7.6.1
Fortinet / FortiOS
|
<7.6.1 | ||
|
Fortinet FortiOS <7.4.10
Fortinet / FortiOS
|
<7.4.10 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Fortinet FortiOS <7.4.7
Fortinet / FortiOS
|
<7.4.7 | ||
|
Fortinet FortiOS <7.6.2
Fortinet / FortiOS
|
<7.6.2 | ||
|
Fortinet FortiOS <7.6.5
Fortinet / FortiOS
|
<7.6.5 | ||
|
Fortinet FortiOS <7.2.11
Fortinet / FortiOS
|
<7.2.11 | ||
|
Fortinet FortiOS <7.4.9
Fortinet / FortiOS
|
<7.4.9 | ||
|
Fortinet FortiOS <7.6.1
Fortinet / FortiOS
|
<7.6.1 | ||
|
Fortinet FortiOS <7.4.10
Fortinet / FortiOS
|
<7.4.10 |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Fortinet FortiOS <7.4.7
Fortinet / FortiOS
|
<7.4.7 | ||
|
Fortinet FortiOS <7.6.2
Fortinet / FortiOS
|
<7.6.2 | ||
|
Fortinet FortiOS <7.6.5
Fortinet / FortiOS
|
<7.6.5 | ||
|
Fortinet FortiOS <7.2.11
Fortinet / FortiOS
|
<7.2.11 | ||
|
Fortinet FortiOS <7.4.9
Fortinet / FortiOS
|
<7.4.9 | ||
|
Fortinet FortiOS <7.6.1
Fortinet / FortiOS
|
<7.6.1 | ||
|
Fortinet FortiOS <7.4.10
Fortinet / FortiOS
|
<7.4.10 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Fortinet FortiOS <7.4.7
Fortinet / FortiOS
|
<7.4.7 | ||
|
Fortinet FortiOS <7.6.2
Fortinet / FortiOS
|
<7.6.2 | ||
|
Fortinet FortiOS <7.2.11
Fortinet / FortiOS
|
<7.2.11 | ||
|
Fortinet FortiOS <7.6.1
Fortinet / FortiOS
|
<7.6.1 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Fortinet FortiOS <7.6.2
Fortinet / FortiOS
|
<7.6.2 | ||
|
Fortinet FortiOS <7.6.5
Fortinet / FortiOS
|
<7.6.5 | ||
|
Fortinet FortiOS <7.6.1
Fortinet / FortiOS
|
<7.6.1 |
References
7 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "FortiOS ist ein geh\u00e4rtetes Betriebssystem f\u00fcr FortiGate Plattformen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Fortinet FortiOS ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen oder Code auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0387 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0387.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0387 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0387"
},
{
"category": "external",
"summary": "FG-IR-25-667 vom 2026-02-10",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-667"
},
{
"category": "external",
"summary": "FG-IR-25-384 vom 2026-02-10",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-384"
},
{
"category": "external",
"summary": "FG-IR-25-795 vom 2026-02-10",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-795"
},
{
"category": "external",
"summary": "FG-IR-25-934 vom 2026-02-10",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-934"
},
{
"category": "external",
"summary": "FG-IR-25-1052 vom 2026-02-10",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-1052"
}
],
"source_lang": "en-US",
"title": "Fortinet FortiOS: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-02-10T23:00:00.000+00:00",
"generator": {
"date": "2026-02-11T11:27:31.759+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0387",
"initial_release_date": "2026-02-10T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-02-10T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.6.1",
"product": {
"name": "Fortinet FortiOS \u003c7.6.1",
"product_id": "1716490"
}
},
{
"category": "product_version",
"name": "7.6.1",
"product": {
"name": "Fortinet FortiOS 7.6.1",
"product_id": "1716490-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:fortinet:fortios:7.6.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.6.2",
"product": {
"name": "Fortinet FortiOS \u003c7.6.2",
"product_id": "1749250"
}
},
{
"category": "product_version",
"name": "7.6.2",
"product": {
"name": "Fortinet FortiOS 7.6.2",
"product_id": "1749250-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:fortinet:fortios:7.6.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.4.7",
"product": {
"name": "Fortinet FortiOS \u003c7.4.7",
"product_id": "1749251"
}
},
{
"category": "product_version",
"name": "7.4.7",
"product": {
"name": "Fortinet FortiOS 7.4.7",
"product_id": "1749251-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:fortinet:fortios:7.4.7"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.2.11",
"product": {
"name": "Fortinet FortiOS \u003c7.2.11",
"product_id": "1749253"
}
},
{
"category": "product_version",
"name": "7.2.11",
"product": {
"name": "Fortinet FortiOS 7.2.11",
"product_id": "1749253-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:fortinet:fortios:7.2.11"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.4.9",
"product": {
"name": "Fortinet FortiOS \u003c7.4.9",
"product_id": "271C0661-D58E-4867-A88B-806E9E5A58C2"
}
},
{
"category": "product_version",
"name": "7.4.9",
"product": {
"name": "Fortinet FortiOS 7.4.9",
"product_id": "271C0661-D58E-4867-A88B-806E9E5A58C2-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:fortinet:fortios:7.4.9"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.6.5",
"product": {
"name": "Fortinet FortiOS \u003c7.6.5",
"product_id": "5B7BBCC2-74D5-47C8-A476-15E5ADBC7959"
}
},
{
"category": "product_version",
"name": "7.6.5",
"product": {
"name": "Fortinet FortiOS 7.6.5",
"product_id": "5B7BBCC2-74D5-47C8-A476-15E5ADBC7959-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:fortinet:fortios:7.6.5"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.4.10",
"product": {
"name": "Fortinet FortiOS \u003c7.4.10",
"product_id": "6C9CC0B8-922F-4139-A702-7FA7D64C24A2"
}
},
{
"category": "product_version",
"name": "7.4.10",
"product": {
"name": "Fortinet FortiOS 7.4.10",
"product_id": "6C9CC0B8-922F-4139-A702-7FA7D64C24A2-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:fortinet:fortios:7.4.10"
}
}
}
],
"category": "product_name",
"name": "FortiOS"
}
],
"category": "vendor",
"name": "Fortinet"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55018",
"product_status": {
"known_affected": [
"1749251",
"1749253",
"271C0661-D58E-4867-A88B-806E9E5A58C2",
"1716490",
"6C9CC0B8-922F-4139-A702-7FA7D64C24A2"
]
},
"release_date": "2026-02-10T23:00:00.000+00:00",
"title": "CVE-2025-55018"
},
{
"cve": "CVE-2025-62439",
"product_status": {
"known_affected": [
"1749251",
"1749250",
"5B7BBCC2-74D5-47C8-A476-15E5ADBC7959",
"1749253",
"271C0661-D58E-4867-A88B-806E9E5A58C2",
"1716490",
"6C9CC0B8-922F-4139-A702-7FA7D64C24A2"
]
},
"release_date": "2026-02-10T23:00:00.000+00:00",
"title": "CVE-2025-62439"
},
{
"cve": "CVE-2025-64157",
"product_status": {
"known_affected": [
"1749251",
"1749250",
"5B7BBCC2-74D5-47C8-A476-15E5ADBC7959",
"1749253",
"271C0661-D58E-4867-A88B-806E9E5A58C2",
"1716490",
"6C9CC0B8-922F-4139-A702-7FA7D64C24A2"
]
},
"release_date": "2026-02-10T23:00:00.000+00:00",
"title": "CVE-2025-64157"
},
{
"cve": "CVE-2025-68686",
"product_status": {
"known_affected": [
"1749251",
"1749250",
"1749253",
"1716490"
]
},
"release_date": "2026-02-10T23:00:00.000+00:00",
"title": "CVE-2025-68686"
},
{
"cve": "CVE-2026-22153",
"product_status": {
"known_affected": [
"1749250",
"5B7BBCC2-74D5-47C8-A476-15E5ADBC7959",
"1716490"
]
},
"release_date": "2026-02-10T23:00:00.000+00:00",
"title": "CVE-2026-22153"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…