Skip to main content

FortiSIEM Windows Agent CVE-2026-59841

| EUVDEUVD-2026-43713 HIGH
Improper Restriction of Communication Channel to Intended Endpoints (CWE-923)
2026-07-14 fortinet GHSA-4fpq-5jrj-phcg
7.5
CVSS 3.1 · Vendor: fortinet
Share

Severity by source

Vendor (fortinet) PRIMARY
7.5 MEDIUM
AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
ENISA EUVD
HIGH
qualitative
vuln.today AI
7.5 HIGH

Adjacent-network channel abuse (AV:A) with state/positioning dependencies (AC:H), no auth or interaction (PR:N/UI:N), and the elevated agent context yields full host CIA impact.

3.1 AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
4.0 AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (fortinet).

CVSS VectorVendor: fortinet

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Adjacent
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

7
Analysis Updated
Jul 14, 2026 - 16:49 vuln.today
v3 (cvss_changed)
Analysis Updated
Jul 14, 2026 - 16:47 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jul 14, 2026 - 16:22 vuln.today
cvss_changed
Severity Changed
Jul 14, 2026 - 16:22 NVD
MEDIUM HIGH
CVSS changed
Jul 14, 2026 - 16:22 NVD
6.9 (MEDIUM) 7.5 (HIGH)
Analysis Generated
Jul 14, 2026 - 16:09 vuln.today
CVE Published
Jul 14, 2026 - 15:15 cve.org
MEDIUM 6.9

DescriptionCVE.org

A improper restriction of communication channel to intended endpoints vulnerability in Fortinet FortiSIEMWindowsAgent 7.4.0 through 7.4.1 may allow attacker to escalation of privilege via <insert attack vector here>

AnalysisAI

Privilege escalation in Fortinet FortiSIEM Windows Agent 7.4.0 through 7.4.1 stems from an improper restriction of the agent's communication channel (CWE-923), letting an adjacent-network attacker interact with an endpoint that should be limited to trusted parties and thereby gain elevated privileges with full confidentiality, integrity, and availability impact. The flaw was disclosed by Fortinet PSIRT (FG-IR-26-155) and carries a CVSS 7.5 rating; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain foothold on adjacent network segment
Delivery
Reach agent's unrestricted communication channel
Exploit
Impersonate trusted FortiSIEM endpoint
Execution
Abuse elevated agent service context
Impact
Escalate privileges on Windows host

Vulnerability AssessmentAI

Exploitation Exploitation requires network adjacency (AV:A) - the attacker must be on the same local/broadcast segment as the FortiSIEM Windows Agent, not arbitrarily remote across the internet - targeting FortiSIEM Windows Agent 7.4.0 or 7.4.1 specifically. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) describes an unauthenticated attack with no user interaction but constrained to the adjacent network and requiring high attack complexity, which is why the score lands at 7.5 (High) rather than Critical despite full CIA impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has gained a foothold on the same adjacent network segment as a monitored Windows host abuses the agent's improperly restricted communication channel to impersonate or inject into a trusted endpoint, then leverages the agent's elevated service privileges to escalate on the host. Success depends on satisfying the high-complexity preconditions (e.g., specific timing, network positioning, or state), and no public proof-of-concept is currently known.
Remediation Patch available per vendor advisory FG-IR-26-155 (https://fortiguard.fortinet.com/psirt/FG-IR-26-155) - upgrade FortiSIEM Windows Agent beyond the affected 7.4.0-7.4.1 range to the fixed release specified by Fortinet; an exact fixed version is not included in the provided data and should be taken directly from the advisory. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, conduct a complete inventory of deployed FortiSIEM Windows Agent versions 7.4.0 and 7.4.1 and map their network exposure; immediately isolate any systems accessible from untrusted network segments if operationally feasible. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-59841 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy