Skip to main content

Fortigate

4 CVEs vendor

Monthly

CVE-2026-22153 HIGH This Week

Fortios versions up to 7.6.4 contains a vulnerability that allows attackers to an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FS (CVSS 8.1).

Fortinet Fortigate LDAP Authentication Bypass Fortios
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-68686 MEDIUM This Month

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions may allow a remote unauthenticated attacker to bypass the patch developed for the symbolic link persistency mechanism observed in some post-exploit cases, via crafted HTTP requests. [CVSS 5.9 MEDIUM]

Fortinet Fortigate Fortios
NVD VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-25815 LOW Monitor

Fortinet FortiOS versions up to 7.6.6 contains a vulnerability that allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in t (CVSS 3.2).

Fortinet Fortigate LDAP
NVD
CVSS 3.1
3.2
EPSS
0.0%
CVE-2025-31104 HIGH This Week

FortiADC versions 6.1 through 7.6.1 contain an OS command injection vulnerability (CWE-78) that allows authenticated attackers with high privileges to execute arbitrary code through crafted HTTP requests. The vulnerability affects multiple product versions across several release branches, with a CVSS score of 7.2 indicating high severity. While the attack requires authentication and high-level privileges, successful exploitation results in complete system compromise with confidentiality, integrity, and availability impact.

Command Injection Fortinet Fortigate RCE Authentication Bypass +1
NVD
CVSS 3.1
7.2
EPSS
0.1%
EPSS 0% CVSS 8.1
HIGH This Week

Fortios versions up to 7.6.4 contains a vulnerability that allows attackers to an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FS (CVSS 8.1).

Fortinet Fortigate LDAP +2
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions may allow a remote unauthenticated attacker to bypass the patch developed for the symbolic link persistency mechanism observed in some post-exploit cases, via crafted HTTP requests. [CVSS 5.9 MEDIUM]

Fortinet Fortigate Fortios
NVD VulDB
EPSS 0% CVSS 3.2
LOW Monitor

Fortinet FortiOS versions up to 7.6.6 contains a vulnerability that allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in t (CVSS 3.2).

Fortinet Fortigate LDAP
NVD
EPSS 0% CVSS 7.2
HIGH This Week

FortiADC versions 6.1 through 7.6.1 contain an OS command injection vulnerability (CWE-78) that allows authenticated attackers with high privileges to execute arbitrary code through crafted HTTP requests. The vulnerability affects multiple product versions across several release branches, with a CVSS score of 7.2 indicating high severity. While the attack requires authentication and high-level privileges, successful exploitation results in complete system compromise with confidentiality, integrity, and availability impact.

Command Injection Fortinet Fortigate +3
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy