Low2.5Fortinet
FortiWeb: NULL Pointer Dereference vulnerability [CWE-476] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7…
CVE-2026-24641 Published Mar 10, 2026Updated by vendor Jun 17, 2026
CVE-2026-24641
Affected products & platforms
FortinetFortiWeb
Summary
A NULL Pointer Dereference vulnerability [CWE-476] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an authenticated attacker to crash the HTTP daemon via crafted HTTP requests.
Affected versions
- FortiWeb 8.0: 8.0.0 through 8.0.2
- FortiWeb 7.6: 7.6.0 through 7.6.6
- FortiWeb 7.4: 7.4 all versions
- FortiWeb 7.2: 7.2 all versions
- FortiWeb 7.0: 7.0 all versions
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Fixed versions
- FortiWeb 8.0: 8.0.3
- FortiWeb 7.6: 7.6.7
- FortiWeb 7.4: migrate to a fixed release
- FortiWeb 7.2: migrate to a fixed release
- FortiWeb 7.0: migrate to a fixed release
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Mitigation checklist
Recommended fix / mitigation
- Upgrade per the Affected/Solution table: FortiWeb 8.0: 8.0.3; FortiWeb 7.6: 7.6.7; FortiWeb 7.4: migrate to a fixed release; FortiWeb 7.2: migrate to a fixed release; FortiWeb 7.0: migrate to a fixed release.
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.