Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
6DescriptionCVE.org
A improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiDDoS-F 7.2.1 through 7.2.2 may allow attacker to execute unauthorized code or commands via <insert attack vector here>
AnalysisAI
SQL injection in Fortinet FortiDDoS-F 7.2.1-7.2.2 allows authenticated remote attackers to execute unauthorized code or commands with high impact to confidentiality, integrity, and availability. The vulnerability resides in the web management interface and requires low attack complexity with no user interaction. No public exploit identified at time of analysis, with EPSS data not yet available for this recently disclosed CVE.
Technical ContextAI
FortiDDoS-F is Fortinet's dedicated DDoS mitigation appliance providing inline protection against volumetric and application-layer attacks. This vulnerability affects versions 7.2.1 through 7.2.2 and stems from CWE-89 (Improper Neutralization of Special Elements used in an SQL Command). The flaw indicates inadequate input validation or parameterization in SQL query construction within the management interface, allowing malicious SQL syntax injection. The CPE identifier cpe:2.3:a:fortinet:fortiddos-f:*:*:*:*:*:*:*:* confirms this affects the FortiDDoS-F application platform. SQL injection vulnerabilities in network security appliances are particularly critical as these devices typically operate with elevated database privileges and contain sensitive configuration data, attack signatures, and traffic analysis records.
RemediationAI
Organizations should immediately upgrade affected FortiDDoS-F appliances to a patched version as specified in Fortinet's security advisory at https://fortiguard.fortinet.com/psirt/FG-IR-26-119. The advisory reference FG-IR-26-119 indicates Fortinet has acknowledged and addressed this vulnerability through their standard PSIRT process. Until patching is complete, implement compensating controls including restricting management interface access to trusted IP addresses only via firewall rules or access control lists, enforcing strong authentication with multi-factor authentication where possible, monitoring administrative access logs for suspicious SQL syntax patterns in request parameters, and ensuring all administrative accounts follow least-privilege principles. Review and rotate credentials for all administrative accounts as a precautionary measure. Disable remote management access if operationally feasible until patches are applied. Consult the official Fortinet advisory for specific upgrade paths and any additional mitigation guidance for your deployment model.
Fortinet FortiWeb contains a relative path traversal allowing unauthenticated attackers to execute administrative comman
FortiOS and FortiProxy contain an authentication bypass via the Node.js websocket module allowing unauthenticated remote
Fortinet FortiWeb contains an authenticated OS command injection allowing privilege escalation to execute unauthorized c
Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0
Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9
A product has a SQL injection vulnerability enabling unauthenticated database compromise through improperly neutralized
Remote code execution in Fortinet FortiClientEMS versions 7.4.5 through 7.4.6 allows unauthenticated attackers to execut
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in
Fortinet FortiAnalyzer and FortiManager contain a critical authentication bypass vulnerability (CVE-2026-24858, CVSS 9.8
Authentication bypass in Fortinet FortiOS, FortiProxy, and FortiSwitchManager allows unauthenticated remote attackers to
The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5
The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7,
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-22348
GHSA-qwjq-mqc6-9q3h