Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from Vendor (fortinet) · only source for this CVE.
CVSS VectorVendor: fortinet
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
3DescriptionCVE.org
A improper access control vulnerability in Fortinet FortiPortal 7.4.0 through 7.4.7, FortiPortal 7.2.0 through 7.2.8, FortiPortal 7.0 all versions may allow attacker to improper access control via <insert attack vector here>
AnalysisAI
Improper access control in Fortinet FortiPortal versions 7.0.x (all), 7.2.0-7.2.8, and 7.4.0-7.4.7 enables an authenticated low-privilege attacker to bypass authorization controls and gain unauthorized read access to sensitive data. The CVSS vector (AV:N/AC:L/PR:L/UI:N/C:H) indicates low-complexity network exploitation by any authenticated user, resulting in high confidentiality impact with no integrity or availability loss. No public exploit identified at time of analysis based on CISA KEV, though publicly available exploit code exists per the CVSS temporal E:P metric, and Fortinet has issued an official fix.
Technical ContextAI
FortiPortal is Fortinet's multi-tenant management portal, primarily used by MSSPs and enterprise customers to manage FortiGate security policies, firewall configurations, and network telemetry across customer tenants. CWE-284 (Improper Access Control) identifies the root cause as a failure to enforce authorization boundaries - the system permits authenticated low-privilege users to access resources, API endpoints, or data structures that should require elevated privileges. The 'Authentication Bypass' tag in conjunction with CWE-284 and the PR:L CVSS parameter suggests vertical or horizontal privilege escalation within FortiPortal's role-based access model, potentially exposing cross-tenant data or administrative functions. The affected CPE (cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*) encompasses the full FortiPortal application across the named version ranges. The CVE description contains a placeholder ('<insert attack vector here>'), indicating the precise exploitation mechanism within the portal has not been fully disclosed in the available data.
RemediationAI
Fortinet has released an official fix per the CVSS temporal RL:O metric and the PSIRT advisory FG-IR-26-140 at https://fortiguard.fortinet.com/psirt/FG-IR-26-140; however, the exact patched version numbers are not specified in the available data and must be confirmed directly from the Fortinet advisory before upgrading. Administrators should prioritize reviewing the advisory for the target upgrade version and apply the patch immediately, particularly given publicly available proof-of-concept code. As interim compensating controls prior to patching: restrict network access to FortiPortal's management interface to trusted IP ranges via upstream firewall ACLs (trade-off: operational impact for remote administrators); audit and minimize low-privilege accounts with portal access, removing any unnecessary accounts that could be leveraged; and enable enhanced logging on FortiPortal access events to detect anomalous cross-role data access attempts. Network-level restrictions reduce attack surface but do not remediate the underlying access control flaw.
Fortinet FortiWeb contains a relative path traversal allowing unauthenticated attackers to execute administrative comman
FortiOS and FortiProxy contain an authentication bypass via the Node.js websocket module allowing unauthenticated remote
Fortinet FortiWeb contains an authenticated OS command injection allowing privilege escalation to execute unauthorized c
Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0
Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9
A product has a SQL injection vulnerability enabling unauthenticated database compromise through improperly neutralized
Remote code execution in Fortinet FortiClientEMS versions 7.4.5 through 7.4.6 allows unauthenticated attackers to execut
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in
Fortinet FortiAnalyzer and FortiManager contain a critical authentication bypass vulnerability (CVE-2026-24858, CVSS 9.8
Authentication bypass in Fortinet FortiOS, FortiProxy, and FortiSwitchManager allows unauthenticated remote attackers to
The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5
The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7,
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-35442
GHSA-ccch-q89j-28hm