Skip to main content

Fortinet FortiSIEM CVE-2026-59838

| EUVDEUVD-2026-44668 MEDIUM
Basic XSS (CWE-80)
2026-07-15 fortinet GHSA-qgv9-w22c-fhgv
4.8
CVSS 3.1 · NVD
Share

Severity by source

Vendor (fortinet) PRIMARY
MEDIUM
qualitative
NVD
4.8 MEDIUM
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
vuln.today AI
5.9 MEDIUM

PR:H confirmed by requirement for existing admin session; S:C reflects script executing in victim browser outside app context; C/I/A:L appropriate for session-level XSS impact.

3.1 AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
4.0 AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:L/SC:L/SI:L/SA:N

Primary rating from Vendor (fortinet).

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

4
CVSS changed
Jul 15, 2026 - 18:52 NVD
5.9 (MEDIUM) 4.8 (MEDIUM)
Analysis Generated
Jul 15, 2026 - 14:31 vuln.today
CVSS changed
Jul 15, 2026 - 14:22 NVD
5.3 (MEDIUM) 5.9 (MEDIUM)
CVE Published
Jul 15, 2026 - 13:43 cve.org
MEDIUM 5.9

DescriptionNVD

A improper neutralization of script-related html tags in a web page (basic xss) vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.2.0 through 7.2.6, FortiSIEM 7.1 all versions, FortiSIEM 7.0 all versions, FortiSIEM 6.7 all versions, FortiSIEM 6.6 all versions, FortiSIEM 6.5 all versions, FortiSIEM 6.4 all versions may allow attacker to execute unauthorized code or commands via <insert attack vector here>

AnalysisAI

Stored or reflected cross-site scripting in Fortinet FortiSIEM's web interface enables a high-privileged authenticated attacker to inject malicious script tags that execute in the browsers of other users who view the affected page. The vulnerability spans a wide version range from FortiSIEM 6.4 through 7.4.0, affecting all deployments of this enterprise SIEM platform. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain or compromise high-privilege FortiSIEM credentials
Delivery
Authenticate to FortiSIEM web interface
Exploit
Inject script tags into persistent data field
Execution
Victim administrator loads affected page
Persist
Injected JavaScript executes in victim browser
Impact
Exfiltrate session token or perform actions as victim

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to hold a high-privilege authenticated session within the FortiSIEM web interface (PR:H per CVSS vector), meaning they must already possess valid admin-level credentials or have compromised such an account. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 5.9 Medium score reflects the tension between a network-accessible attack vector with low complexity (AV:N/AC:L) and the mitigating constraints of high privilege required and mandatory user interaction (PR:H/UI:R). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained or compromised a high-privileged FortiSIEM administrator account navigates to an input field in the web UI - such as a report name, custom rule description, or notification template - and injects a malicious JavaScript payload using raw script tags. When a security analyst or peer administrator subsequently views the affected page, the payload executes silently in their browser, exfiltrating their FortiSIEM session token to an attacker-controlled server and granting the attacker a second authenticated session without needing to know the victim's credentials.
Remediation Consult the Fortinet PSIRT advisory at https://fortiguard.fortinet.com/psirt/FG-IR-26-149 for the authoritative patch version; no specific fixed release version was present in the available input data, so an exact upgrade target cannot be cited here. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2025-25256 CRITICAL POC
9.8 Aug 12

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in

CVE-2025-64155 CRITICAL POC
9.8 Jan 13

Fortinet FortiSIEM (6.7.0 through 7.4.0) has OS command injection via crafted TCP requests. As a SIEM, compromise gives

CVE-2024-23108 CRITICAL POC
9.8 Feb 05

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet

CVE-2023-40714 CRITICAL
9.9 Apr 02

A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0 through 6.7.2, 6.6.0 through 6.6.3, 6.5.1, 6.5.0 a

CVE-2024-23109 CRITICAL
9.8 Feb 05

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet

CVE-2023-36553 CRITICAL
9.8 Nov 14

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM versi

CVE-2023-34992 CRITICAL
9.8 Oct 10

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet a

CVE-2023-26204 CRITICAL
9.8 Jun 13

A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all versions, 6.5 all versi

CVE-2022-26119 HIGH
7.8 Nov 02

A improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to pe

CVE-2021-41022 HIGH
7.8 Nov 02

A improper privilege management in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows attacker to execute p

CVE-2023-41676 MEDIUM
6.5 Nov 14

An exposure of sensitive information to an unauthorized actor [CWE-200] in FortiSIEM version 7.0.0 and before 6.7.5 may

CVE-2021-41023 MEDIUM
5.5 Nov 02

A unprotected storage of credentials in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows an authenticated

Share

CVE-2026-59838 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy