FortiSIEM is vulnerable to a CSRF attack


A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of FortiSIEM could allow a remote, unauthenticated attacker to perform arbitrary actions using an authenticated user's session by persuading the victim to follow a malicious link.

Affected Products

FortiSIEM version 5.2.5 and below


Please upgrade to FortiSIEM version 5.2.6 or above.


Fortinet is pleased to thank the researcher Ganoush for bringing this issue to our attention under responsible disclosure.