Skip to main content

Fortinet CVE-2026-22828

| EUVDEUVD-2026-22327 HIGH
Heap-based Buffer Overflow (CWE-122)
2026-04-14 fortinet
8.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.1 HIGH
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Re-analysis Queued
Apr 17, 2026 - 15:22 vuln.today
cvss_changed
Analysis Generated
Apr 14, 2026 - 17:03 vuln.today
CVSS changed
Apr 14, 2026 - 16:22 NVD
7.3 (HIGH) 8.1 (HIGH)
EUVD ID Assigned
Apr 14, 2026 - 16:00 euvd
EUVD-2026-22327
Analysis Generated
Apr 14, 2026 - 16:00 vuln.today
CVE Published
Apr 14, 2026 - 15:38 nvd
HIGH 8.1

DescriptionCVE.org

A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer Cloud 7.6.2 through 7.6.4, FortiManager Cloud 7.6.2 through 7.6.4 may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. Successful exploitation would require a large amount of effort in preparation because of ASLR and network segmentation

AnalysisAI

Remote code execution in Fortinet FortiAnalyzer Cloud and FortiManager Cloud versions 7.6.2 through 7.6.4 allows unauthenticated remote attackers to execute arbitrary code via crafted network requests exploiting a heap-based buffer overflow (CWE-122). Attack complexity is rated high due to ASLR and network segmentation defenses requiring significant exploitation preparation. CVSS score of 8.1 reflects the critical impact despite defensive barriers. No public exploit identified at time of analysis, though the vulnerability's disclosure by Fortinet suggests patch availability through their security advisory FG-IR-26-121.

Technical ContextAI

This vulnerability exploits a heap-based buffer overflow (CWE-122) in the network request handling layer of Fortinet's cloud management platforms. The affected products - FortiAnalyzer Cloud and FortiManager Cloud - are centralized logging and device management solutions deployed in cloud environments. A heap overflow occurs when user-controlled input exceeds allocated heap memory boundaries, allowing memory corruption. The CVSS vector (AV:N/AC:H/PR:N) indicates network-accessible attack surface requiring no authentication, though high complexity arises from modern exploit mitigations: Address Space Layout Randomization (ASLR) randomizes memory addresses making reliable code execution difficult, while network segmentation limits direct access to management interfaces. Successful exploitation requires advanced techniques like heap spray or information disclosure to bypass ASLR, then precise memory manipulation to achieve arbitrary code execution in the context of the cloud management service.

RemediationAI

Organizations should immediately consult Fortinet's official security advisory FG-IR-26-121 at https://fortiguard.fortinet.com/psirt/FG-IR-26-121 for vendor-recommended patching guidance and upgrade paths. While the input data does not specify the exact patched version number, Fortinet typically releases fixes in subsequent minor or patch releases; administrators should upgrade to the latest available version beyond 7.6.4 following the advisory's instructions. As interim mitigations pending patch deployment, restrict network access to FortiAnalyzer Cloud and FortiManager Cloud management interfaces using firewall rules, VPN requirements, or IP allowlisting to trusted administrative networks only. Implement additional network segmentation to isolate cloud management platforms from untrusted networks. Monitor FortiAnalyzer and FortiManager logs for unusual connection attempts or malformed requests. Given the high attack complexity requiring ASLR bypass, these compensating controls significantly reduce exploitation risk during the patching window.

CVE-2025-64446 CRITICAL POC
9.8 Nov 14

Fortinet FortiWeb contains a relative path traversal allowing unauthenticated attackers to execute administrative comman

CVE-2024-55591 CRITICAL POC
9.8 Jan 14

FortiOS and FortiProxy contain an authentication bypass via the Node.js websocket module allowing unauthenticated remote

CVE-2025-58034 HIGH POC
7.2 Nov 18

Fortinet FortiWeb contains an authenticated OS command injection allowing privilege escalation to execute unauthorized c

CVE-2016-1909 CRITICAL POC
9.8 Jan 15

Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0

CVE-2016-6909 CRITICAL POC
9.8 Aug 24

Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9

CVE-2026-21643 CRITICAL POC
9.8 Feb 06

A product has a SQL injection vulnerability enabling unauthenticated database compromise through improperly neutralized

CVE-2026-35616 CRITICAL POC
9.8 Apr 04

Remote code execution in Fortinet FortiClientEMS versions 7.4.5 through 7.4.6 allows unauthenticated attackers to execut

CVE-2025-25256 CRITICAL POC
9.8 Aug 12

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in

CVE-2026-24858 CRITICAL
9.8 Jan 27

Fortinet FortiAnalyzer and FortiManager contain a critical authentication bypass vulnerability (CVE-2026-24858, CVSS 9.8

CVE-2025-59718 CRITICAL
9.8 Dec 09

Authentication bypass in Fortinet FortiOS, FortiProxy, and FortiSwitchManager allows unauthenticated remote attackers to

CVE-2012-1461 MEDIUM
4.3 Mar 21

The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5

CVE-2012-1459 MEDIUM
4.3 Mar 21

The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7,

Share

CVE-2026-22828 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy