Advisories the vendor has revised
CVSSv3 Score: 6.2 An improper access control vulnerability [CWE-284] in FortiPortal API endpoints may allow a remote privileged attacker with organization user role to obtain sensitive network configuration data via crafted HTTP requests. Revised on 2026-06-09 00:00:00
CVSSv3 Score: 6.0 An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability [CWE-1244] in FortiOS and FortiProxy may allow an authenticated admin to execute lua scripts via crafted CLI commands. Revised on 2026-06-09 00:00:00
CVSSv3 Score: 4.0 An Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability [CWE-88] in FortiDeceptor WEB UI may allow an authenticated attacker with at least read-only admin permission to read log files via HTTP crafted requests. Revised on 2026-05-12 00:00:00
CVSSv3 Score: 6.1 An improper neutralization of special elements used in an OS command ("OS Command Injection") vulnerability [CWE-78] in FortiAP, FortiAP-U & FortiAP-W2 CLI may allow an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests. Revised on 2026-05-12 00:00:00
CVSSv3 Score: 5.2 A use of potentially Dangerous Function vulnerability [CWE-676] in FortiAnalyzer and FortiManager API may allow an authenticated attacker to cause a system hang via multiple specially crafted HTTP requests causing crashes. This happens if internal locks are aligned, which is out of control of the attacker. Revised on 2026-05-12 00:00:00
CVSSv3 Score: 6.5 An OS command injection vulnerabtility [CWE-78] in FortiAP and FortiAP-W2 cli may allow an authenticated attacker to execute unauthorized code or commands via a specifically crafted cli command. Revised on 2026-05-12 00:00:00
CVSSv3 Score: 5.0 An improper export of Android application components [CWE-926] in FortiTokenAndroid may allow other applications on the device to read the OTP code via an exported Content Provider URI. Revised on 2026-05-12 00:00:00
CVSSv3 Score: 6.3 An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiMail may allow an authenticated privileged attacker to execute unauthorized code or commands via specifically crafted HTTP or HTTPS requests. Revised on 2026-05-12 00:00:00
CVSSv3 Score: 5.1 An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability [CWE-89] in FortiNDR may allow an authenticated attacker to execute arbitrary SQL commands on selected databases and tables via specifically crafted HTTP requests. Revised on 2026-05-12 00:00:00
CVSSv3 Score: 6.7 An out-of-bounds write vulnerability [CWE-787] in FortiWeb CGI daemon may allow a remote privileged attacker to execute arbitrary code or command via crafted HTTP requests. Revised on 2026-04-15 00:00:00
CVSSv3 Score: 6.7 An Improper authentication vulnerability [CWE-287] in FortiSOAR web GUI may allow an unauthenticated attacker to bypass authentication via replaying captured 2FA request. The attack requires being able to intercept and decrypt authentication traffic and precise timing to replay the request before token expiration.
CVSSv3 Score: 6.2 An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in FortiSandbox, FortiSandbox Cloud, FortiSandbox PaaS and FortiSandbox Cloud WEB UI may allow a privileged attacker with super-admin profile and CLI access to delete an arbitrary directory via HTTP crafted requests.
CVSSv3 Score: 4.1 A Storing Passwords in a Recoverable Format vulnerability [CWE-257] in FortiSOAR may allow an authenticated remote attacker to retrieve Service account password via server address modification in LDAP configuration. Revised on 2026-04-14 00:00:00
CVSSv3 Score: 4.1 A Storing Passwords in a Recoverable Format vulnerability [CWE-257] in FortiSOAR may allow an authenticated remote attacker to retrieve passwords for multiple installed connectors via server address modification in connector configuration. Revised on 2026-04-14 00:00:00
CVSSv3 Score: 6.2 A Cleartext Transmission of Sensitive Information vulnerability [CWE-319] in FortiSOAR may allow an authenticated attacker to view cleartext password in response for Secure Message Exchange and Radius queries, if configured Revised on 2026-04-14 00:00:00
CVSSv3 Score: 5.2 A use of hard-coded cryptographic key vulnerability [CWE 321] in FortiClientEMS may allow an attacker in possession of an encrypted dump of the database to decrypt it. Revised on 2026-04-14 00:00:00
CVSSv3 Score: 4.4 An Integer Overflow or Wraparound vulnerability [CWE-190] in FortiWeb may allow a privileged authenticated attacker to perform a denial of service of the system via crafted HTTP requests. Revised on 2026-04-14 00:00:00
CVSSv3 Score: 6.2 A missing authentication for critical function vulnerability [CWE-306] in FortiOS and FortiSwitchManager CAPWAP daemon may allow a local unauthenticated attacker on the same local IP subnet to write device configuration via specially crafted requests.
CVSSv3 Score: 6.2 Multiple Relative Path Traversal vulnerabilities [CWE-23] in FortiWeb may allow a local privileged attacker to execute unauthorized code on the underlying system via crafted CLI commands. Revised on 2026-04-14 00:00:00
CVSSv3 Score: 4.3 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiSandbox and FortiSandbox Cloud may allow a privileged attacker to perform a stored XSS attack via crafted HTTP requests. Revised on 2026-04-14 00:00:00
CVSSv3 Score: 5.4 An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [CWE-22] in the command line interpreter of FortiOS, FortiPAM, FortiProxy and FortiSwitchManager may allow a privileged attacker to achieve arbitrary write or delete files via specifically crafted arguments to existing commands. Revised on 2026-04-14 00:00:00
CVSSv3 Score: 5.4 An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in FortiAnalyzer, FortiAnalyzer Cloud, FortiManager and FortiManager Cloud may allow a privileged attacker to delete files from the underlying filesystem via crafted CLI requests. Revised on 2026-04-14 00:00:00
CVSSv3 Score: 6.2 An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in FortiSOAR may allow an authenticated remote attacker to perform path traversal attack via File Content Extraction actions. Revised on 2026-04-14 00:00:00
CVSSv3 Score: 4.9 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiSandbox and FortiSandbox Cloud may allow an attacker to perform an XSS attack via crafted HTTP requests. Revised on 2026-04-14 00:00:00
CVSSv3 Score: 6.8 An improper neutralization of special elements used in an SQL command ('SQL injection') [CWE-89] in FortiAnalyzer, FortiAnalyzer Cloud, FortiManager and FortiManager Cloud may allow an authenticated privileged attacker to execute unauthorized code or commands via crafted requests. Revised on 2026-04-14 00:00:00
CVSSv3 Score: 4.1 A Server-Side request forgery (SSRF) vulnerability [CWE-918] in FortiSOAR may allow an authenticated attacker to discover services running on local ports via crafted requests. Revised on 2026-04-14 00:00:00
CVSSv3 Score: 4.4 An Improper neutralization of input during web page generation ('cross-site scripting') vulnerability [CWE-79] in FortiSOAR may allow an authenticated remote attacker to perform a stored cross site scripting (XSS) attack via crafted HTTP Requests. Revised on 2026-04-14 00:00:00
CVSSv3 Score: 5.4 An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiNDR and FortiVoice may allow a remote authenticated attacker with at least read-only permission on system maintenance to access backup information via crafted HTTP requests. Revised on 2026-04-14 00:00:00
CVSSv3 Score: 6.7 An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiSandbox Cloud and FortiSandbox PaaS WEB UI may allow a privileged attacker with super-admin profile and CLI access to execute unauthorized code or commands via crafted HTTP requests. Revised on 2026-03-26 00:00:00
CVSSv3 Score: 5.9 CVE-2025-26466A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished.
Discuss the latest advisories, swap patch-day notes with other infra teams, and get support — straight from the people who run VulniPulse.
Join the communityIf you want to support server/domain costs, please donate below — much love ❤️
Donate