PSIRT Advisories

FortiAP-U - Relative path traversal vulnerability in CLI


A path traversal vulnerability [CWE-22] in FortiAP-U CLI may allow an admin user to delete and access unauthorized files and data via specifically crafted CLI commands.

Affected Products

FortiAP-U version 6.2.0 through 6.2.3
FortiAP-U version 6.0.0 through 6.0.4
FortiAP-U version 5.4.0 through 5.4.6


Please upgrade to FortiAP-U 6.2.4 or above.


Internally discovered and reported by Wilfried Djettchou of Fortinet Product Security team.