Severity by source
AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Adjacent-network channel abuse (AV:A) with state/positioning dependencies (AC:H), no auth or interaction (PR:N/UI:N), and the elevated agent context yields full host CIA impact.
Primary rating from Vendor (fortinet).
CVSS VectorVendor: fortinet
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
7DescriptionCVE.org
A improper restriction of communication channel to intended endpoints vulnerability in Fortinet FortiSIEMWindowsAgent 7.4.0 through 7.4.1 may allow attacker to escalation of privilege via <insert attack vector here>
Articles & Coverage 1
AnalysisAI
Privilege escalation in Fortinet FortiSIEM Windows Agent 7.4.0 through 7.4.1 stems from an improper restriction of the agent's communication channel (CWE-923), letting an adjacent-network attacker interact with an endpoint that should be limited to trusted parties and thereby gain elevated privileges with full confidentiality, integrity, and availability impact. The flaw was disclosed by Fortinet PSIRT (FG-IR-26-155) and carries a CVSS 7.5 rating; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires network adjacency (AV:A) - the attacker must be on the same local/broadcast segment as the FortiSIEM Windows Agent, not arbitrarily remote across the internet - targeting FortiSIEM Windows Agent 7.4.0 or 7.4.1 specifically. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) describes an unauthenticated attack with no user interaction but constrained to the adjacent network and requiring high attack complexity, which is why the score lands at 7.5 (High) rather than Critical despite full CIA impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has gained a foothold on the same adjacent network segment as a monitored Windows host abuses the agent's improperly restricted communication channel to impersonate or inject into a trusted endpoint, then leverages the agent's elevated service privileges to escalate on the host. Success depends on satisfying the high-complexity preconditions (e.g., specific timing, network positioning, or state), and no public proof-of-concept is currently known. |
| Remediation | Patch available per vendor advisory FG-IR-26-155 (https://fortiguard.fortinet.com/psirt/FG-IR-26-155) - upgrade FortiSIEM Windows Agent beyond the affected 7.4.0-7.4.1 range to the fixed release specified by Fortinet; an exact fixed version is not included in the provided data and should be taken directly from the advisory. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, conduct a complete inventory of deployed FortiSIEM Windows Agent versions 7.4.0 and 7.4.1 and map their network exposure; immediately isolate any systems accessible from untrusted network segments if operationally feasible. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43713
GHSA-4fpq-5jrj-phcg