Skip to main content

Forticlient CVE-2026-24018

HIGH
UNIX Symbolic Link (Symlink) Following (CWE-61)
2026-03-10 psirt@fortinet.com
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
CVE Published
Mar 10, 2026 - 18:18 nvd
HIGH 7.8

DescriptionCVE.org

A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4, FortiClientLinux 7.2.2 through 7.2.12 may allow a local and unprivileged user to escalate their privileges to root.

AnalysisAI

following vulnerability in Fortinet FortiClientLinux 7.4.0 versions up to 7.4.4 contains a vulnerability that allows attackers to a local and unprivileged user to escalate their privileges to root (CVSS 7.8).

Technical ContextAI

affects following vulnerability in Fortinet FortiClientLinux 7.4.0. A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4, FortiClientLinux 7.2.2 through 7.2.12 may allow a local and unprivileged user to escalate their privileges to root.

RemediationAI

Monitor vendor advisories for a patch.

CVE-2017-7344 HIGH POC
8.1 Dec 14

A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privil

CVE-2015-5736 HIGH POC
7.2 Sep 03

The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows local users to execute arbitrary code with kernel

CVE-2024-3661 HIGH POC
7.6 May 06

DHCP can add routes to a client’s routing table via the classless static route option (121). Rated high severity (CVSS 7

CVE-2017-14184 HIGH
8.8 Dec 15

An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Ma

CVE-2015-1453 MEDIUM POC
5.0 Feb 02

The qm class in Fortinet FortiClient 5.2.3.091 for Android uses a hardcoded encryption key of FoRtInEt!AnDrOiD, which ma

CVE-2016-8493 HIGH
8.8 Jun 26

In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate privilege via a FortiClientNamedPipe vulnerability. Rate

CVE-2024-36513 HIGH
8.8 Nov 12

A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.

CVE-2015-1570 MEDIUM POC
4.3 Feb 10

The Endpoint Control protocol implementation in Fortinet FortiClient 5.2.3.091 for Android and 5.2.028 for iOS does not

CVE-2015-1569 MEDIUM POC
4.3 Feb 10

Fortinet FortiClient 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attacke

CVE-2023-45588 HIGH
8.2 Mar 14

An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.1

CVE-2024-31489 HIGH
8.1 Sep 10

AAn improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0

CVE-2015-7362 HIGH
7.8 Jan 08

Fortinet FortiClient Linux SSLVPN before build 2313, when installed on Linux in a home directory that is world readable

Share

CVE-2026-24018 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy