Skip to main content

FortiOS CVE-2026-59839

| EUVDEUVD-2026-43717 MEDIUM
Path Traversal (CWE-22)
2026-07-14 fortinet GHSA-c97x-2x9j-68c3
5.5
CVSS 3.1 · Vendor: fortinet
Share

Severity by source

Vendor (fortinet) PRIMARY
5.5 MEDIUM
AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
vuln.today AI
5.5 MEDIUM

Physical access vector and high privileges are consistent with a local management console path traversal; no confidentiality impact as described.

3.1 AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
4.0 AV:P/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (fortinet).

CVSS VectorVendor: fortinet

CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High

Lifecycle Timeline

3
CVSS changed
Jul 14, 2026 - 16:22 NVD
5.0 (MEDIUM) 5.5 (MEDIUM)
Analysis Generated
Jul 14, 2026 - 16:11 vuln.today
CVE Published
Jul 14, 2026 - 15:19 cve.org
MEDIUM 5.0

DescriptionCVE.org

A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiOS 7.6.0 through 7.6.6, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.8.0, FortiPAM 1.7.0 through 1.7.2, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.6.0 through 7.6.5, FortiProxy 7.4 through 7.4.13, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions may allow attacker to execute unauthorized code or commands via <insert attack vector here>

AnalysisAI

Path traversal (CWE-22) in Fortinet FortiOS, FortiProxy, and FortiPAM enables a highly-privileged, physically-present attacker to execute unauthorized code or commands by escaping restricted directory boundaries. The vendor-supplied CVSS vector (AV:P/PR:H) constrains exploitation to scenarios requiring both physical device access and high-level credentials, making opportunistic or remote mass exploitation implausible. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain physical access to Fortinet appliance
Delivery
Authenticate with high-privilege credentials
Exploit
Submit crafted path traversal payload via local interface
Execution
Escape restricted directory boundary
Persist
Execute unauthorized code or commands
Impact
Corrupt system integrity or disrupt availability

Vulnerability AssessmentAI

Exploitation Physical access to the device (AV:P) is required - remote exploitation over a network is not possible based on the vendor-supplied CVSS vector. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS base score of 5.0 (Medium) reflects the severe access constraints encoded in the vector: AV:P requires the attacker to have physical proximity to the device, and PR:H requires high-level credentials, meaning the attacker must already be a privileged operator. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A privileged administrator or malicious insider with physical or console access to an affected Fortinet appliance crafts a path traversal payload (e.g., a filename or parameter containing '../' sequences) through a locally-accessible management interface. The application fails to canonicalize or restrict the path, allowing the attacker to reference files or execute commands outside the intended directory. …
Remediation Patch available per vendor advisory (FG-IR-26-151) - consult https://fortiguard.fortinet.com/psirt/FG-IR-26-151 for exact fixed versions for each affected product branch, as the specific patched release numbers are not independently confirmed from available input data. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2024-55591 CRITICAL POC
9.8 Jan 14

FortiOS and FortiProxy contain an authentication bypass via the Node.js websocket module allowing unauthenticated remote

CVE-2025-24472 HIGH
8.1 Feb 11

FortiOS and FortiProxy contain an authentication bypass allowing unauthenticated attackers with knowledge of upstream/do

CVE-2024-48884 CRITICAL
9.1 Jan 14

Arbitrary file write and folder deletion in Fortinet FortiManager, FortiOS, and FortiProxy is possible via a path traver

CVE-2022-40684 CRITICAL POC
9.8 Oct 18

An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 an

CVE-2024-21762 CRITICAL POC
9.8 Feb 09

A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0

CVE-2023-25610 CRITICAL
9.8 Mar 24

A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0

CVE-2023-42789 CRITICAL
9.8 Mar 12

A out-of-bounds write vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0.0

CVE-2024-26011 CRITICAL
9.8 Nov 12

A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4

CVE-2024-23113 CRITICAL
9.8 Feb 15

A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.

CVE-2023-33308 CRITICAL
9.8 Jul 26

A stack-based overflow vulnerability [CWE-124] in Fortinet FortiOS version 7.0.0 through 7.0.10 and 7.2.0 through 7.2.3

CVE-2023-27997 CRITICAL
9.8 Jun 13

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, versi

CVE-2022-35843 CRITICAL
9.8 Dec 06

An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login component 7.2.0, 7.0

Share

CVE-2026-59839 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy