High7.3Fortinet Updated
Heap-based buffer overflow in oftpd daemon
FG-IR-26-121 Published Apr 14, 2026Updated by vendor Apr 14, 2026
CVE-2026-22828
Affected products & platforms
FortinetFortiAnalyzer
Summary
CVSSv3 Score: 7.3 A heap-based buffer overflow vulnerability [CWE-122] in FortiAnalyzer Cloud oftpd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
Affected versions
- FortiAnalyzer Cloud 7.6: 7.6.2 through 7.6.4
- FortiManager Cloud 7.6: 7.6.2 through 7.6.4
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Fixed versions
- FortiAnalyzer Cloud 7.6: 7.6.5
- FortiManager Cloud 7.6: 7.6.5
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Mitigation checklist
Recommended fix / mitigation
- Upgrade per the Affected/Solution table: FortiAnalyzer Cloud 7.6: 7.6.5; FortiManager Cloud 7.6: 7.6.5.
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.