CVE-2026-22628
MEDIUMCVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
2Description
An improper access control vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may allow an authenticated admin to execute system commands via a specifically crafted SSH config file.
Analysis
Fortinet FortiSwitchAXFixed versions 1.0.0 through 1.0.1 contain an access control flaw that allows authenticated administrators to execute arbitrary system commands by uploading a malicious SSH configuration file. The vulnerability requires local access and valid admin credentials but poses a risk to organizations where admin accounts may be compromised or where insider threats are a concern. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 30 days: Identify affected systems running Fortinet FortiSwitchAXFixed 1.0.0 and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today