Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
3DescriptionCVE.org
An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDeceptor 6.0.0 through 6.0.2, FortiDeceptor 5.3.0 through 5.3.3, FortiDeceptor 5.2.0 through 5.2.1, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions may allow an authenticated attacker with at least read-only admin permission to read log files via HTTP crafted requests.
AnalysisAI
Argument injection in Fortinet FortiDeceptor 5.0 through 6.0.2 allows authenticated administrators with read-only permissions to read arbitrary log files via crafted HTTP requests, exposing sensitive system and audit logs. The vulnerability requires valid admin credentials but no elevated privileges, making it accessible to lower-privileged authenticated users. No public exploit code or active exploitation has been confirmed at time of analysis.
Technical ContextAI
FortiDeceptor is Fortinet's deception-based threat detection platform that monitors network activity for suspicious behavior. The vulnerability stems from improper neutralization of argument delimiters (CWE-88) in command processing, likely within HTTP request handlers that construct backend commands or file system access operations. When processing HTTP requests with specially crafted parameters, the application fails to properly escape or validate delimiter characters, allowing attackers to inject additional arguments that alter command execution. This permits unauthorized file read operations on the underlying system, bypassing intended access controls. The affected versions span multiple major releases (5.0 through 6.0.2), indicating a long-standing implementation flaw in argument handling.
RemediationAI
Upgrade to patched versions: FortiDeceptor 5.2.2 or later for 5.2.x branch, 5.3.4 or later for 5.3.x branch, 6.0.3 or later for 6.0.x branch, or 7.0 or later if available. For systems that cannot be patched immediately, restrict read-only admin role assignment to only trusted, named administrators and implement network-level access controls limiting HTTP access to FortiDeceptor management interfaces to approved administrative IP ranges or VPNs. Monitor administrative access logs for unusual HTTP requests containing special characters or path traversal sequences. These compensating controls reduce exposure but do not eliminate the vulnerability; patching is the primary remediation. Consult Fortinet security advisory FG-IR-26-138 for exact patched version confirmation and release timelines.
Fortinet FortiWeb contains a relative path traversal allowing unauthenticated attackers to execute administrative comman
FortiOS and FortiProxy contain an authentication bypass via the Node.js websocket module allowing unauthenticated remote
Fortinet FortiWeb contains an authenticated OS command injection allowing privilege escalation to execute unauthorized c
Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0
Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9
A product has a SQL injection vulnerability enabling unauthenticated database compromise through improperly neutralized
Remote code execution in Fortinet FortiClientEMS versions 7.4.5 through 7.4.6 allows unauthenticated attackers to execut
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in
Fortinet FortiAnalyzer and FortiManager contain a critical authentication bypass vulnerability (CVE-2026-24858, CVSS 9.8
Authentication bypass in Fortinet FortiOS, FortiProxy, and FortiSwitchManager allows unauthenticated remote attackers to
The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5
The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7,
Same technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-29549
GHSA-mwp3-v9r9-4p9x