SSRF via Report template and scheduling
CVSSv3 Score: 4.1 A Server-Side request forgery (SSRF) vulnerability [CWE-918] in FortiSOAR may allow an authenticated attacker to discover services running on local ports vi…
Aggregated from vendor advisories, security research, and industry publications.
CVSSv3 Score: 9.1 A Path Traversal vulnerability [CWE-24] in FortiSandbox JRPC API may allow an unauthenticated attacker to bypass authentication via specially crafted HTTP …
CVSSv3 Score: 4.4 An Improper neutralization of input during web page generation ('cross-site scripting') vulnerability [CWE-79] in FortiSOAR may allow an authenticated remot…
CVSSv3 Score: 6.8 An improper neutralization of special elements used in an SQL command ('SQL injection') [CWE-89] in FortiAnalyzer, FortiAnalyzer Cloud, FortiManager and For…
CVSSv3 Score: 5.4 An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiNDR and FortiVoice may allow a remote authenticated attacker w…
CVSSv3 Score: 4.9 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiSandbox and FortiSandbox Cloud may al…
CVSSv3 Score: 6.7 An Improper authentication vulnerability [CWE-287] in FortiSOAR web GUI may allow an unauthenticated attacker to bypass authentication via replaying capture…
CVSSv3 Score: 6.2 A Cleartext Transmission of Sensitive Information vulnerability [CWE-319] in FortiSOAR may allow an authenticated attacker to view cleartext password in re…
CVSSv3 Score: 6.2 An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in FortiSandbox, FortiSandbox Cloud, FortiSandbox P…
CVSSv3 Score: 4.1 A Storing Passwords in a Recoverable Format vulnerability [CWE-257] in FortiSOAR may allow an authenticated remote attacker to retrieve passwords for multip…
On March 31, 2026, the Axios npm package was compromised via a maintainer account takeover. Two malicious versions were published - [email protected] and [email protected] - which introduced…
CVSSv3 Score: 4.1 A Storing Passwords in a Recoverable Format vulnerability [CWE-257] in FortiSOAR may allow an authenticated remote attacker to retrieve Service account pass…
CVSSv3 Score: 9.1 An Improper Access Control vulnerability [CWE-284] in FortiClient EMS may allow an unauthenticated attacker to execute unauthorized code or commands via cra…
CVSSv3 Score: 6.7 An OS Command Injection vulnerability [CWE-78] in FortiWeb API may allow an authenticated attacker to execute arbitrary commands via a specially crafted HTTP…
CVSSv3 Score: 6.7 An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiSandbox Cloud and FortiSandbox …
CVSSv3 Score: 2.5 A NULL Pointer Dereference vulnerability [CWE-476] in FortiWeb may allow an authenticated attacker to crash the HTTP daemon via crafted HTTP requests. …
CVSSv3 Score: 6.8 An authentication bypass using an alternate path or channel vulnerability [CWE-288] in FortiManager and FortiAnalyzer multifactor authentication may allow a…
CVSSv3 Score: 7.4 A UNIX symbolic link (Symlink) Following vulnerability [CWE-61] in FortiClientLinux may allow a local and unprivileged user to escalate their privileges to …
CVSSv3 Score: 6.3 An improper certificate validation [CWE-295] vulnerability in the FortiManager GUI may allow a remote unauthenticated attacker to view confidential informat…
CVSSv3 Score: 3.8 A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiMail, FortiVoice and FortiRecorder debug logs may allow an authenticated malici…
CVSSv3 Score: 6.5 A use of externally-controlled format string vulnerability [CWE-134] in FortiAnalyzer, FortiAnalyzer Cloud, FortiManager and FortiManager Cloud fazsvcd daem…
CVSSv3 Score: 7.0 A Stack-based Buffer Overflow vulnerability [CWE-121] in FortiManager fgtupdates service may allow a remote unauthenticated attacker to execute unauthorized…
CVSSv3 Score: 7.7 A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability [CWE-120] in FortiSwitchAXFixed may allow an unauthenticated attacker…
CVSSv3 Score: 7.3 An Improper Control of Interaction Frequency vulnerability [CWE-799] in FortiWeb may allow a remote unauthenticated attacker to bypass the authentication ra…
CVSSv3 Score: 6.0 An Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability [CWE-88] in FortiDeceptor WEBUI may allow a privileged a…
CVSSv3 Score: 4.1 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') [CWE-79] in FortiSIEM's error page may allow a remote unauthenticate…
CVSSv3 Score: 3.4 An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiManager and FortiAnalyzer may allow an attacker to bypass brute…
CVSSv3 Score: 5.5 An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in FortiSOAR Agent Connector Bridge may allow an un…
CVSSv3 Score: 5.9 A Stack-based Buffer Overflow vulnerability [CWE-121] in FortiWeb may allow a remote authenticated attacker who can bypass stack protection and ASLR to exec…
CVSSv3 Score: 5.9 A Stack-based Buffer Overflow vulnerability [CWE-121] in FortiWeb may allow a remote authenticated attacker to execute arbitrary code or commands via crafte…