Fortinet

197 CVEs tracked in the last 90 days

197 Total CVEs

21 Critical

60 High

100 Medium

16 Low

Severity Distribution

Critical 21 (10.7%)

High 60 (30.5%)

Medium 100 (50.8%)

Low 16 (8.1%)

Top Affected Products

fortinet fortisandbox 29

fortinet fortiweb 28

fortinet fortios 20

fortinet fortiproxy 17

fortinet forticlient 16

fortinet fortimanager 13

fortinet fortimail 11

fortinet fortimanager cloud 10

CVSS Score Distribution

Latest CVEs

CVE ID	Severity	CVSS	Description	Published	Modified
CVE-2025-53870	medium	6.5	An improper neutralization of special elements used in an os command ('os command injection') vulner…	May 12, 2026	May 13, 2026
CVE-2025-53680	medium	6.1	An improper neutralization of special elements used in an OS command ("OS Command Injection") vulner…	May 12, 2026	May 13, 2026
CVE-2025-53681	medium	6.3	An improper neutralization of special elements used in an SQL Command ("SQL Injection&") vulnerabili…	May 12, 2026	May 13, 2026
CVE-2025-53844	high	8.3	A out-of-bounds write vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7…	May 12, 2026	May 13, 2026
CVE-2026-44277	critical	9.1	A improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0…	May 12, 2026	May 13, 2026
CVE-2026-26083	critical	9.1	A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4…	May 12, 2026	May 13, 2026
CVE-2026-40688	high	7.2	An out-of-bounds write vulnerability [CWE-787] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.…	Apr 14, 2026	Apr 20, 2026
CVE-2026-39815	high	8.8	A improper neutralization of special elements used in an sql command ('sql injection') vulnerability…	Apr 14, 2026	Apr 20, 2026
CVE-2026-39814	medium	6.7	A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 thr…	Apr 14, 2026	Apr 21, 2026
CVE-2026-39813	critical	9.8	A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSand…	Apr 14, 2026	Apr 20, 2026
CVE-2026-39812	medium	4.8	A improper neutralization of input during web page generation ('cross-site scripting') vulnerability…	Apr 14, 2026	Apr 21, 2026
CVE-2026-39811	medium	4.9	A integer overflow or wraparound vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.…	Apr 14, 2026	Apr 21, 2026
CVE-2026-39810	medium	6.0	A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 m…	Apr 14, 2026	Apr 21, 2026
CVE-2026-39809	medium	6.7	A improper neutralization of special elements used in an sql command ('sql injection') vulnerability…	Apr 14, 2026	Apr 21, 2026
CVE-2026-39808	critical	9.8	A improper neutralization of special elements used in an os command ('os command injection') vulnera…	Apr 14, 2026	Apr 22, 2026
CVE-2026-27316	low	2.7	A insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, F…	Apr 14, 2026	Apr 22, 2026
CVE-2026-25691	medium	6.7	A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fo…	Apr 14, 2026	Apr 22, 2026
CVE-2026-23708	high	7.5	A improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR Pa…	Apr 14, 2026	May 6, 2026
CVE-2026-22828	high	8.1	A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer Cloud 7.6.2 through 7.6.4, Fort…	Apr 14, 2026	May 1, 2026
CVE-2026-22576	medium	4.3	A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7…	Apr 14, 2026	May 6, 2026
CVE-2026-22574	medium	4.1	A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7…	Apr 14, 2026	May 6, 2026
CVE-2026-22573	medium	6.5	An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in F…	Apr 14, 2026	May 6, 2026
CVE-2026-22155	medium	6.5	A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 thr…	Apr 14, 2026	May 6, 2026
CVE-2026-22154	medium	4.6	An improper neutralization of input during web page generation ('cross-site scripting') vulnerabilit…	Apr 14, 2026	May 6, 2026
CVE-2026-21742	medium	5.7	A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 thr…	Apr 14, 2026	May 6, 2026