Skip to main content

Forticlientems EUVDEUVD-2026-43714

| CVE-2026-59836 CRITICAL
Improper Certificate Validation (CWE-295)
2026-07-14 fortinet GHSA-gp77-r46p-xfvc
Critical
Disputed · 9.8 NVD
Share

Severity by source

Sources disagree (Medium–Critical)
Vendor (fortinet) PRIMARY
MEDIUM
qualitative
NVD
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
6.8 MEDIUM

MitM positioning needed (AC:H); no auth required (PR:N); client must connect (UI:R); cert bypass yields interception and modification but not availability loss (A:N).

3.1 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
4.0 AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

8
Analysis Updated
Jul 15, 2026 - 15:14 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jul 15, 2026 - 15:07 vuln.today
cvss_changed
Severity Changed
Jul 15, 2026 - 15:07 NVD
HIGH CRITICAL
CVSS changed
Jul 15, 2026 - 15:07 NVD
7.5 (HIGH) 9.8 (CRITICAL)
Severity Changed
Jul 14, 2026 - 16:22 NVD
MEDIUM HIGH
CVSS changed
Jul 14, 2026 - 16:22 NVD
6.7 (MEDIUM) 7.5 (HIGH)
Analysis Generated
Jul 14, 2026 - 16:09 vuln.today
CVE Published
Jul 14, 2026 - 15:15 cve.org
MEDIUM 6.7

DescriptionNVD

A improper certificate validation vulnerability in Fortinet FortiClientEMS 7.4.3 through 7.4.5, FortiClientEMS 7.4.0 through 7.4.1, FortiClientEMS 7.2 all versions may allow attacker to information disclosure via <insert attack vector here>

AnalysisAI

Improper TLS certificate validation in Fortinet FortiClientEMS (Endpoint Management Server) exposes sensitive information to network-positioned attackers across FortiClientEMS 7.2 (all listed builds up to 7.2.14), 7.4.0–7.4.1, and 7.4.3–7.4.5. Because the client fails to properly verify server certificates (CWE-295), an attacker able to intercept EMS communications can decrypt or observe protected traffic to disclose information. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Recommended ActionAI

Within 24 hours: Identify all FortiClientEMS deployments and document affected versions (7.2.0-7.2.14, 7.4.0-7.4.1, 7.4.3-7.4.5); inventory total managed endpoints and assess sensitivity of data transiting EMS communications. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-43714 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy