OS command injection on vmimages update feature
CVSSv3 Score: 6.7 An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiSandbox Cloud and FortiSandbox …
Aggregated from vendor advisories, security research, and industry publications.
CVSSv3 Score: 5.9 A Stack-based Buffer Overflow vulnerability [CWE-121] in FortiWeb may allow a remote authenticated attacker to execute arbitrary code or commands via crafte…
CVSSv3 Score: 7.7 A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability [CWE-120] in FortiSwitchAXFixed may allow an unauthenticated attacker…
CVSSv3 Score: 5.0 An authentication bypass by spoofing [CWE-290] vulnerability in FortiWeb protected hostname feature may allow a remote unauthenticated attacker to bypass ho…
CVSSv3 Score: 5.6 An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiAnalyzer and FortiAnalyzer-BigData AP…
CVSSv3 Score: 5.9 A Stack-based Buffer Overflow vulnerability [CWE-121] in FortiWeb may allow a remote authenticated attacker who can bypass stack protection and ASLR to exec…
CVSSv3 Score: 3.8 A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiMail, FortiVoice and FortiRecorder debug logs may allow an authenticated malici…
CVSSv3 Score: 6.3 An improper certificate validation [CWE-295] vulnerability in the FortiManager GUI may allow a remote unauthenticated attacker to view confidential informat…
CVSSv3 Score: 4.1 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') [CWE-79] in FortiSIEM's error page may allow a remote unauthenticate…
CVSSv3 Score: 7.4 A UNIX symbolic link (Symlink) Following vulnerability [CWE-61] in FortiClientLinux may allow a local and unprivileged user to escalate their privileges to …
CVSSv3 Score: 6.8 An authentication bypass using an alternate path or channel vulnerability [CWE-288] in FortiManager and FortiAnalyzer multifactor authentication may allow a…
CVSSv3 Score: 2.5 A NULL Pointer Dereference vulnerability [CWE-476] in FortiWeb may allow an authenticated attacker to crash the HTTP daemon via crafted HTTP requests. …
CVSSv3 Score: 3.4 An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiManager and FortiAnalyzer may allow an attacker to bypass brute…
CVSSv3 Score: 6.7 An OS Command Injection vulnerability [CWE-78] in FortiWeb API may allow an authenticated attacker to execute arbitrary commands via a specially crafted HTTP…
CVSSv3 Score: 5.5 An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in FortiSOAR Agent Connector Bridge may allow an un…
CVSSv3 Score: 6.4 An Inclusion of Undocumented Features [CWE-1242] in FortiManager and FortiAnalyzer CLI may allow a remote authenticated read-only admin with CLI access to e…
AI-based assistants or "agents" -- autonomous programs that have access to the user's computer, files, online services and can automate virtually any task -- are growing in popular…
CVSSv3 Score: 5.3 An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in FortiOS SSL-VPN may allow a remote unauthenticated attacker to bypa…
CVSSv3 Score: 9.8 CVE-2025-15467: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. A stack buffer overflow ma…