Fortinet

39 CVEs tracked in the last 90 days

39 Total CVEs

4 Critical

14 High

17 Medium

4 Low

Severity Distribution

Critical 4 (10.3%)

High 14 (35.9%)

Medium 17 (43.6%)

Low 4 (10.3%)

Top Affected Products

fortinet fortiweb 7

fortinet fortios 6

fortinet fortimanager 4

fortinet fortianalyzer 4

fortinet fortisandbox 3

fortinet fortisiem 2

fortinet fortivoice 2

fortinet forticlientems 2

Latest CVEs

CVE ID	Severity	CVSS	Description	Date
CVE-2026-30897	medium	6.6	A stack-based buffer overflow vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0…	Mar 10, 2026
CVE-2026-25972	medium	4.3	An improper neutralization of input during web page generation ('cross-site scripting') vulnerabilit…	Mar 10, 2026
CVE-2026-25836	high	7.2	An improper neutralization of special elements used in an os command ('os command injection') vulner…	Mar 10, 2026
CVE-2026-25689	medium	6.5	An improper neutralization of argument delimiters in a command ('argument injection') vulnerability …	Mar 10, 2026
CVE-2026-24641	low	2.7	A NULL Pointer Dereference vulnerability [CWE-476] vulnerability in Fortinet FortiWeb 8.0.0 through …	Mar 10, 2026
CVE-2026-24640	medium	6.6	A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiWeb 8.0.0 throu…	Mar 10, 2026
CVE-2026-24018	high	7.8	A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.…	Mar 10, 2026
CVE-2026-24017	high	8.1	An Improper Control of Interaction Frequency vulnerability [CWE-799] vulnerability in Fortinet Forti…	Mar 10, 2026
CVE-2026-22629	low	3.7	An improper restriction of excessive authentication attempts vulnerability in Fortinet FortiAnalyzer…	Mar 10, 2026
CVE-2026-22628	medium	5.3	An improper access control vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may allo…	Mar 10, 2026
CVE-2026-22627	high	8.8	A buffer copy without checking size of input ('classic buffer overflow') vulnerability in Fortinet F…	Mar 10, 2026
CVE-2026-22572	high	7.2	An authentication bypass using an alternate path or channel vulnerability in Fortinet FortiAnalyzer …	Mar 10, 2026
CVE-2025-68648	high	7.2	A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7…	Mar 10, 2026
CVE-2025-68482	medium	6.9	A improper certificate validation vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, Forti…	Mar 10, 2026
CVE-2025-66178	high	7.2	A improper neutralization of special elements used in an os command ('os command injection') vulnera…	Mar 10, 2026
CVE-2025-55717	medium	4.0	A cleartext storage of sensitive information vulnerability [CWE-312] vulnerability in Fortinet Forti…	Mar 10, 2026
CVE-2025-54820	high	8.1	A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiManager 7.4.0 t…	Mar 10, 2026
CVE-2025-54659	medium	5.8	An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE…	Mar 10, 2026
CVE-2025-53608	medium	4.8	An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerabilit…	Mar 10, 2026
CVE-2025-49784	medium	6.0	An improper neutralization of special elements used in an sql command ('sql injection') vulnerabilit…	Mar 10, 2026
CVE-2025-48840	medium	5.3	An authentication bypass by spoofing vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWe…	Mar 10, 2026
CVE-2025-48418	medium	6.7	A hidden functionality vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.…	Mar 10, 2026
CVE-2026-22153	high	8.1	An Authentication Bypass by Primary Weakness vulnerability [CWE-305] vulnerability in Fortinet Forti…	Feb 10, 2026
CVE-2026-21743	high	7.2	A missing authorization vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthe…	Feb 10, 2026
CVE-2025-68686	medium	5.9	An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] vulnerability …	Feb 10, 2026