Skip to main content

Fortigate

Vendor security scorecard – 4 CVEs in the selected period

Period: 30d 90d 6m 1y All
Risk 8
4
CVEs
0
Critical
2
High
0
KEV
0
PoC
2
Unpatched C/H
0.0%
Patch Rate
0.1%
Avg EPSS

Severity Breakdown

CRITICAL
0
HIGH
2
MEDIUM
1
LOW
1

Monthly CVE Trend

Top Risky CVEs

CVE Summary Severity CVSS EPSS Priority Signals
CVE-2026-22153 Fortios versions up to 7.6.4 contains a vulnerability that allows attackers to an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FS (CVSS 8.1). HIGH 8.1 0.0% 41
No patch
CVE-2025-31104 FortiADC versions 6.1 through 7.6.1 contain an OS command injection vulnerability (CWE-78) that allows authenticated attackers with high privileges to execute arbitrary code through crafted HTTP requests. The vulnerability affects multiple product versions across several release branches, with a CVSS score of 7.2 indicating high severity. While the attack requires authentication and high-level privileges, successful exploitation results in complete system compromise with confidentiality, integrity, and availability impact. HIGH 7.2 0.1% 36
No patch
CVE-2025-68686 An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions may allow a remote unauthenticated attacker to bypass the patch developed for the symbolic link persistency mechanism observed in some post-exploit cases, via crafted HTTP requests. [CVSS 5.9 MEDIUM] MEDIUM 5.9 0.0% 30
No patch
CVE-2026-25815 Fortinet FortiOS versions up to 7.6.6 contains a vulnerability that allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in t (CVSS 3.2). LOW 3.2 0.0% 16
No patch

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy