PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT issue with Fortinet, please see our PSIRT Policy here. For the recommended upgrade path, see our Upgrade Path Tool Table.


Total: 298

PSIRT | Description | Affected Products | Updated Date | Component | Discovered | Attack Type | Severity

FG-IR-26-131 Command injection in CLI
CVE-2025-53680
An improper neutralization of special elements used in an OS command ("OS Command Injection")...
Affected products: FortiAP 7.6, 7.4, 7.2, 7.0, 6.4 ...; FortiAP-U 7.0, 6.2; FortiAP-W2 7.4, 7.2, 7.0
Published: May 12, 2026
Component: CLI | Discovered: Internal | Attack type: Authenticated | Severity: Medium

FG-IR-26-137 DoS due to unsafe function in signal handler
CVE-2025-67604
A Use of Potentially Dangerous Function vulnerability [CWE-676] in FortiAnalyzer and FortiManager API may...
Affected products: FortiAnalyzer 7.6.4, 7.6.3, 7.6.2, 7.6.1, 7.6.0 ...; FortiManager 7.6.4, 7.6.3, 7.6.2, 7.6.1, 7.6.0 ...
Published: May 12, 2026
Component: API | Discovered: Internal | Attack type: Authenticated | Severity: Medium

FG-IR-26-136 Incorrect global authorization
CVE-2026-26083
A missing authorization vulnerability [CWE-862] in FortiSandbox, FortiSandbox Cloud and FortiSandbox PaaS...
Affected products: FortiSandbox 5.0, 4.4; FortiSandbox Cloud 24, 23, 5.0; FortiSandbox PaaS 23.4, 23.3, 23.1, 22.2, 22.1 ...
Published: May 12, 2026
Component: GUI | Discovered: Internal | Attack type: Unauthenticated | Severity: Critical

FG-IR-26-133 OS command injection in CLI
CVE-2025-53870
An OS command injection vulnerability [CWE-78] in FortiAP and FortiAP-W2 CLI may allow an authenticated...
Affected products: FortiAP 7.6, 7.4, 7.2, 7.0, 6.4 ...; FortiAP-W2 7.4, 7.2, 7.0
Published: May 12, 2026
Component: CLI | Discovered: Internal | Attack type: Authenticated | Severity: Medium

FG-IR-26-123 Out-of-bounds access in CAPWAP daemon
CVE-2025-53844
An Out-Of-Bounds Write vulnerability [CWE-787] in FortiOS capwap daemon may allow an attacker controlling...
Affected products: FortiOS 7.6, 7.4, 7.2
Published: May 12, 2026
Component: OTHERS | Discovered: Internal | Attack type: Authenticated | Severity: High

FG-IR-26-115 Arbitrary directory delete on vmimages delete feature
CVE-2026-25691
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22]...
Affected products: FortiSandbox 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.1 ...; FortiSandbox Cloud 5.0.4; FortiSandbox PaaS 5.0.4
Published: Apr 14, 2026
Component: GUI | Discovered: Internal | Attack type: Authenticated | Severity: Medium

FG-IR-26-113 Credential disclosure in LDAP configuration web page
CVE-2026-27316
An Insufficiently Protected Credentials vulnerability [CWE-522] in FortiSandbox and FortiSandbox PaaS GUI...
Affected products: FortiSandbox 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.1 ...; FortiSandbox PaaS 23.4.4374, 23.4.4350, 23.3.4329, 23.1.4245, 22.2.4151 ...
Published: Apr 14, 2026
Component: GUI | Discovered: External | Attack type: Authenticated | Severity: Low

FG-IR-26-121 Heap-based buffer overflow in oftpd daemon
CVE-2026-22828
A heap-based buffer overflow vulnerability [CWE-122] in FortiAnalyzer Cloud oftpd daemon may allow a...
Affected products: FortiAnalyzer Cloud 7.6.4, 7.6.3, 7.6.2; FortiManager Cloud 7.6.4, 7.6.3, 7.6.2
Published: Apr 14, 2026
Component: OTHERS | Discovered: Internal | Attack type: Unauthenticated | Severity: High

FG-IR-26-125 Missing Authentication for critical function in CAPWAP daemon
CVE-2025-53847
A missing authentication for critical function vulnerability [CWE-306] in FortiOS and FortiSwitchManager...
Affected products: FortiOS 7.6.3, 7.6.2, 7.6.1, 7.6.0, 7.4.8 ...
Published: Apr 14, 2026
Component: OTHERS | Discovered: Internal | Attack type: Unauthenticated | Severity: Medium

FG-IR-26-110 Multiple Stored XSS
CVE-2026-39812
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability...
Affected products: FortiSandbox 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.1 ...; FortiSandbox PaaS 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.1 ...
Published: Apr 14, 2026
Component: GUI | Discovered: Internal | Attack type: Authenticated | Severity: Medium

FG-IR-26-100 OS Command Injection through API endpoint
CVE-2026-39808
An Improper Neutralization of Special Elements used in an OS Command ('OS command injection')...
Affected products: FortiSandbox 4.4.8, 4.4.7, 4.4.6, 4.4.5, 4.4.4 ...; FortiSandbox PaaS 23.4.4374, 23.4.4350, 23.3.4329, 23.1.4245, 22.2.4151 ...
Published: Apr 14, 2026
Component: API | Discovered: Internal | Attack type: Unauthenticated | Severity: Critical

FG-IR-26-120 Path Traversal in CLI
CVE-2025-68649
An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in...
Affected products: FortiAnalyzer 7.6.4, 7.6.3, 7.6.2, 7.6.1, 7.6.0 ...; FortiAnalyzer Cloud 7.6.2, 7.4.7, 7.4.6, 7.4.5, 7.4.4 ...; FortiManager 7.6.4, 7.6.3, 7.6.2, 7.6.1, 7.6.0 ...; FortiManager Cloud 7.6.4, 7.6.3, 7.6.2, 7.4.7, 7.4.6 ...
Published: Apr 14, 2026
Component: CLI | Discovered: Internal | Attack type: Authenticated | Severity: Medium

FG-IR-26-122 Path Traversal in CLI
CVE-2025-61624
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [CWE-22] in the command...
Affected products: FortiOS 7.6.4, 7.6.3, 7.6.2, 7.6.1, 7.6.0 ...; FortiPAM 1.7.0, 1.6.2, 1.6.1, 1.6.0, 1.5.1 ...; FortiProxy 7.6.4, 7.6.3, 7.6.2, 7.6.1, 7.6.0 ...; FortiSwitchManager 7.2.7, 7.2.6, 7.2.5, 7.2.4, 7.2.3 ...
Published: Apr 14, 2026
Component: CLI | Discovered: Internal | Attack type: Authenticated | Severity: Medium

FG-IR-26-109 Reflected XSS in Operation Center
CVE-2025-61886
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability...
Affected products: FortiSandbox 5.0.4, 5.0.3, 5.0.2, 5.0.1, 5.0.0 ...; FortiSandbox PaaS 5.0.4, 5.0.3, 5.0.2, 5.0.1, 5.0.0 ...
Published: Apr 14, 2026
Component: GUI | Discovered: Internal | Attack type: Unauthenticated | Severity: Medium

FG-IR-26-111 SQL Injection via JSON RPC API
CVE-2025-61848
An improper neutralization of special elements used in an SQL command ('SQL injection') [CWE-89] in...
Affected products: FortiAnalyzer 7.6.4, 7.6.3, 7.6.2, 7.6.1, 7.6.0 ...; FortiAnalyzer Cloud 7.6.3, 7.6.2; FortiManager 7.6.4, 7.6.3, 7.6.2, 7.6.1, 7.6.0 ...; FortiManager Cloud 7.6.4, 7.6.3, 7.6.2
Published: Apr 14, 2026
Component: API | Discovered: Internal | Attack type: Authenticated | Severity: Medium