60
Open CVEs
3
Exploited
3
KEV
60
Unpatched
19
No Workaround
33
Internet-facing
Why this provider is risky now
This provider has 60 open CVE(s) in the last 90 days. 3 listed in CISA KEV (known exploited). 60 have no vendor patch. 33 affect internet-facing services. 7 impact the management/identity plane.
3 KEV
3 Exploited
60 Unpatched
7 Mgmt / Admin Plane
2 Public PoC
19 No Workaround
33 Internet-facing
Top Risky CVEs
A product has a SQL injection vulnerability enabling unauthenticated database compromise through improperly neutralized SQL commands.
Within 24 hours: Identify all FortiClientEMS 7.4.4 instances in your environment and isolate them from untrusted networks; enable comprehensive logging and begin threat hunting for exploitation attempts. Within 7 days: Contact Fortinet for patch availability and interim guidance; implement network segmentation to restrict FortiClientEMS access to authorized administrators only; deploy WAF rules to block malicious SQL injection payloads if externally exposed. Within 30 days: Apply vendor patch immediately upon release; conduct forensic analysis for signs of compromise; rotate credentials for all service accounts.
Edge exposure
ICT dependency
Active exploitation
No patch available
KEV
PoC
Why flagged?
NIS2 Relevant
- • CRITICAL severity
- • Internet-facing (CWE-89: SQL Injection)
- • Third-party ICT: Fortinet
- • Exploited in the wild (CISA KEV)
- • No patch available
- • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- • CRITICAL severity
- • ICT provider: Fortinet (Network & Security)
- • Known exploited vulnerability (KEV)
- • No remediation available
9.8
CVSS
0.0%
EPSS
124
Priority
Remote code execution in Fortinet FortiClientEMS versions 7.4.5 through 7.4.6 allows unauthenticated attackers to execute arbitrary code via crafted network requests. The vulnerability stems from improper access control (CWE-284) and requires no user interaction or privileges (CVSS PR:N). With a CVSS score of 9.1 (Critical) and low attack complexity, this represents a severe exposure for organizations using affected FortiClientEMS versions. The CVSS temporal metrics indicate functional exploit code exists (E:F) with an official fix available (RL:O), making this a high-priority patching target despite no confirmed active exploitation (not present in CISA KEV).
Within 24 hours: Identify all FortiClientEMS installations and confirm versions 7.4.5 and 7.4.6 inventory; contact Fortinet for available patches or interim versions. Within 7 days: Apply vendor-released patch immediately upon availability; if unavailable, isolate affected FortiClientEMS servers from untrusted networks and restrict network access to administrative personnel only. Within 30 days: Complete deployment of patched FortiClientEMS version across all instances; conduct forensic analysis of systems for unauthorized access during unpatched exposure period.
Edge exposure
ICT dependency
Active exploitation
No patch available
Management plane
KEV
PoC
Why flagged?
NIS2 Relevant
- • CRITICAL severity
- • Internet-facing technique: authentication-bypass
- • Third-party ICT: Fortinet
- • Exploited in the wild (CISA KEV)
- • No patch available
- • Management plane (Improper Access Control)
- • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- • CRITICAL severity
- • ICT provider: Fortinet (Network & Security)
- • Known exploited vulnerability (KEV)
- • No remediation available
- • Authentication / access control weakness
9.8
CVSS
0.0%
EPSS
124
Priority
Fortinet FortiAnalyzer and FortiManager contain a critical authentication bypass vulnerability (CVE-2026-24858, CVSS 9.8) that allows unauthenticated remote attackers to gain administrative access through an alternate authentication path. With EPSS 2.8% but KEV listing confirming active exploitation, this vulnerability threatens the security management infrastructure that organizations rely on to protect their networks.
Within 24 hours: Identify all FortiAnalyzer instances running versions up to 7.6.5 and assess their criticality; disable FortiCloud integration if operationally feasible. Within 7 days: Implement network segmentation to restrict FortiAnalyzer access; enable enhanced logging and monitoring for authentication anomalies; consider air-gapping critical instances. Within 30 days: Upgrade to patched versions when available; conduct forensic analysis for signs of compromise; reset all FortiCloud credentials and audit access logs.
Edge exposure
ICT dependency
Active exploitation
No patch available
KEV
Why flagged?
NIS2 Relevant
- • CRITICAL severity
- • Internet-facing technique: authentication-bypass
- • Third-party ICT: Fortinet
- • Exploited in the wild (CISA KEV)
- • No patch available
- • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- • CRITICAL severity
- • ICT provider: Fortinet (Network & Security)
- • Known exploited vulnerability (KEV)
- • No remediation available
9.8
CVSS
2.8%
EPSS
112
Priority
OS command injection in Fortinet FortiSandbox 4.4.0 through 4.4.8 and FortiSandbox PaaS (versions 21.3 through 23.4) allows unauthenticated remote attackers to execute arbitrary commands or code via unsanitized input to vulnerable components. The CVSS 9.8 (Critical) score reflects network-accessible exploitation requiring no authentication or user interaction. No public exploit identified at time of analysis, though the vulnerability class (CWE-78) is commonly weaponized. Attack surface includes both on-premise FortiSandbox appliances and cloud-based PaaS offerings used for malware analysis.
Within 24 hours: Identify all FortiSandbox instances (on-premise and PaaS) in your environment and inventory their versions; immediately isolate or restrict network access to any instance running 4.4.0-4.4.8 or PaaS 21.3-23.4 unless critical business justification exists. Within 7 days: Contact Fortinet support to obtain patched versions and prioritize PaaS instances for upgrade (typically faster than on-premise); implement network segmentation so FortiSandbox has minimal lateral movement capability if compromised. Within 30 days: Complete upgrade of all affected instances to patched releases; verify successful patching via version confirmation and Fortinet's security advisories.
Edge exposure
ICT dependency
No patch available
Why flagged?
NIS2 Relevant
- • CRITICAL severity
- • Internet-facing (CWE-78: OS Command Injection)
- • Third-party ICT: Fortinet
- • No patch available
- • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- • CRITICAL severity
- • ICT provider: Fortinet (Network & Security)
- • No remediation available
9.8
CVSS
0.3%
EPSS
54
Priority
Path traversal vulnerability in Fortinet FortiSandbox allows unauthenticated remote attackers to achieve privilege escalation with critical severity (CVSS 9.8). Affects FortiSandbox versions 4.4.0-4.4.8, 5.0.0-5.0.5, and FortiSandbox Cloud versions 23.4, 24.1, and 5.0.4-5.0.5. The vulnerability enables complete system compromise through network-accessible exploitation requiring no user interaction or privileges (CVSS:3.1/AV:N/AC:L/PR:N/UI:N). No public exploit or active exploitation confirmed at time of analysis, though the straightforward attack complexity and network attack vector present significant risk to exposed FortiSandbox instances.
Within 24 hours: Inventory all FortiSandbox deployments, verify version numbers, and isolate any exposed instances from untrusted networks pending remediation. Within 7 days: Implement network segmentation to restrict FortiSandbox access to authorized personnel only, enable enhanced logging, and contact Fortinet for patch timeline. Within 30 days: Apply vendor-released patches immediately upon availability; if unavailable, engage Fortinet support for compensating controls or migration to patched versions.
Edge exposure
ICT dependency
No patch available
Why flagged?
NIS2 Relevant
- • CRITICAL severity
- • Internet-facing technique: path-traversal
- • Third-party ICT: Fortinet
- • No patch available
- • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- • CRITICAL severity
- • ICT provider: Fortinet (Network & Security)
- • No remediation available
9.8
CVSS
0.1%
EPSS
54
Priority
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an unauthenticated attacker to execute commands via crafted requests. [CVSS 8.8 HIGH]
Within 24 hours: Inventory all FortiSandbox deployments and confirm affected versions (4.0, 4.2, 4.4.0-4.4.7, 5.0.0-5.0.1); isolate or restrict network access to affected instances. Within 7 days: Implement network segmentation to limit FortiSandbox access to trusted administrative networks only; deploy WAF rules blocking XSS patterns on management interfaces; enable detailed logging and conduct threat hunting for exploitation indicators. Within 30 days: Upgrade to FortiSandbox 5.0.2+ or later when available; evaluate alternative sandbox solutions if upgrade timelines exceed acceptable risk windows.
Edge exposure
ICT dependency
No patch available
Why flagged?
NIS2 Relevant
- • HIGH severity
- • Internet-facing (CWE-79: Cross-site Scripting (XSS))
- • Third-party ICT: Fortinet
- • No patch available
- • Moderate evidence (PoC / elevated EPSS)
DORA Relevant
- • HIGH severity
- • ICT provider: Fortinet (Network & Security)
- • No remediation available
8.8
CVSS
0.2%
EPSS
44
Priority
vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 versions up to 1.0.1 is affected by classic buffer overflow (CVSS 8.8).
Within 24 hours: Inventory all FortiSwitchAX deployments and isolate affected devices (1.0.0-1.0.1) from untrusted networks; implement network segmentation and restrict administrative access. Within 7 days: Deploy compensating controls including enhanced network monitoring and WAF rules to detect exploit attempts; consider firmware rollback to pre-1.0.0 versions if available. Within 30 days: Monitor Fortinet security advisories for patch release; conduct vulnerability reassessment post-patch and plan controlled firmware upgrades.
ICT dependency
No patch available
Why flagged?
NIS2 Relevant
- • HIGH severity
- • Third-party ICT: Fortinet
- • No patch available
- • Moderate evidence (PoC / elevated EPSS)
DORA Relevant
- • HIGH severity
- • ICT provider: Fortinet (Network & Security)
- • No remediation available
8.8
CVSS
0.0%
EPSS
44
Priority
SQL injection in Fortinet FortiDDoS-F 7.2.1-7.2.2 allows authenticated remote attackers to execute unauthorized code or commands with high impact to confidentiality, integrity, and availability. The vulnerability resides in the web management interface and requires low attack complexity with no user interaction. No public exploit identified at time of analysis, with EPSS data not yet available for this recently disclosed CVE.
Within 24 hours: Inventory all Fortinet FortiDDoS-F installations and identify systems running versions 7.2.1 or 7.2.2; restrict administrative access to the web management interface to trusted networks only via firewall rules. Within 7 days: Contact Fortinet support for patch availability timeline and interim guidance; consider isolating affected FortiDDoS-F instances from production traffic if alternative DDoS mitigation capacity exists. Within 30 days: Apply vendor-released patch immediately upon availability; if no patch is released, evaluate migration to patched versions or alternative DDoS solutions.
Edge exposure
ICT dependency
No patch available
Why flagged?
NIS2 Relevant
- • HIGH severity
- • Internet-facing (CWE-89: SQL Injection)
- • Third-party ICT: Fortinet
- • No patch available
- • Moderate evidence (PoC / elevated EPSS)
DORA Relevant
- • HIGH severity
- • ICT provider: Fortinet (Network & Security)
- • No remediation available
8.8
CVSS
0.1%
EPSS
44
Priority
A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0 all versions allows an authenticated admin to execute unauthorized code or commands via specifically crafted configuration. [CVSS 6.7 MEDIUM]
Within 30 days: Identify affected systems running Fortinet FortiOS 7.6.0 and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.
ICT dependency
Why flagged?
6.7
CVSS
0.0%
EPSS
44
Priority
Fortinet FortiWeb versions 7.0 through 8.0.2 contain an improper rate-limiting flaw that allows unauthenticated remote attackers to bypass authentication attempt restrictions through crafted requests. This vulnerability enables attackers to conduct brute-force password attacks against FortiWeb instances with reduced constraints, with success dependent on attacker resources and target password complexity. No patch is currently available for affected versions.
Within 24 hours: Inventory all FortiWeb deployments and confirm affected versions (7.0.0-7.0.11, 7.2.0-7.2.11, 7.4.0-7.4.10, 7.6.0-7.6.5, 8.0.0-8.0.2); enable enhanced logging on authentication attempts. Within 7 days: Implement WAF rules to detect and block anomalous authentication patterns; reduce authentication timeout windows; consider adding multi-factor authentication for critical applications. Within 30 days: Plan and execute migration to patched FortiWeb versions as they become available; conduct security assessments of authentication logs for signs of exploitation.
ICT dependency
No patch available
Why flagged?
NIS2 Relevant
- • HIGH severity
- • Third-party ICT: Fortinet
- • No patch available
- • Moderate evidence (PoC / elevated EPSS)
DORA Relevant
- • HIGH severity
- • ICT provider: Fortinet (Network & Security)
- • No remediation available
8.1
CVSS
0.1%
EPSS
41
Priority
By Exposure
Internet-facing
33
Mgmt / Admin Plane
7
Identity / Auth
5
Internal only
25
By Exploitability
Known exploited
3
Public PoC
2
High EPSS (>30%)
0
Remote unauthenticated
19
Local only
13
By Remediation
Patch available
0
No patch
60
Workaround available
41
No workaround
19
Affected Services / Product Families
Fortinet
60 CVE(s)
+ 50 more