9
CVEs
1
Critical
3
High
1
KEV
0
PoC
4
Unpatched C/H
0.0%
Patch Rate
0.3%
Avg EPSS
Severity Breakdown
CRITICAL
1
HIGH
3
MEDIUM
4
LOW
1
Monthly CVE Trend
Affected Products (11)
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-24858 | Fortinet FortiAnalyzer and FortiManager contain a critical authentication bypass vulnerability (CVE-2026-24858, CVSS 9.8) that allows unauthenticated remote attackers to gain administrative access through an alternate authentication path. With EPSS 2.8% but KEV listing confirming active exploitation, this vulnerability threatens the security management infrastructure that organizations rely on to protect their networks. | CRITICAL | 9.8 | 2.8% | 112 |
KEV
No patch
|
| CVE-2025-64157 | A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0 all versions allows an authenticated admin to execute unauthorized code or commands via specifically crafted configuration. [CVSS 6.7 MEDIUM] | MEDIUM | 6.7 | 0.0% | 44 |
No patch
|
| CVE-2026-22153 | Fortios versions up to 7.6.4 contains a vulnerability that allows attackers to an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FS (CVSS 8.1). | HIGH | 8.1 | 0.0% | 41 |
No patch
|
| CVE-2025-25249 | A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4 all versions, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows attacker to execute unauthorized code or commands via specially crafted packets [CVSS 8.1 HIGH] | HIGH | 8.1 | 0.0% | 41 |
No patch
|
| CVE-2025-55018 | An inconsistent interpretation of http requests ('http request smuggling') vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4.3 through 6.4.16 may allow an unauthenticated attacker to smuggle an unlogged http request through the firewall policies via a specially crafted header [CVSS 5.8 MEDIUM] | MEDIUM | 5.8 | 0.1% | 39 |
No patch
|
| CVE-2025-31104 | FortiADC versions 6.1 through 7.6.1 contain an OS command injection vulnerability (CWE-78) that allows authenticated attackers with high privileges to execute arbitrary code through crafted HTTP requests. The vulnerability affects multiple product versions across several release branches, with a CVSS score of 7.2 indicating high severity. While the attack requires authentication and high-level privileges, successful exploitation results in complete system compromise with confidentiality, integrity, and availability impact. | HIGH | 7.2 | 0.1% | 36 |
No patch
|
| CVE-2025-62439 | vulnerability in Fortinet FortiOS 7.6.0 versions up to 7.6.4 contains a vulnerability that allows attackers to an authenticated user with knowledge of FSSO policy configurations to gain unaut (CVSS 4.2). | MEDIUM | 4.2 | 0.0% | 31 |
No patch
|
| CVE-2025-68686 | An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions may allow a remote unauthenticated attacker to bypass the patch developed for the symbolic link persistency mechanism observed in some post-exploit cases, via crafted HTTP requests. [CVSS 5.9 MEDIUM] | MEDIUM | 5.9 | 0.0% | 30 |
No patch
|
| CVE-2026-25815 | Fortinet FortiOS versions up to 7.6.6 contains a vulnerability that allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in t (CVSS 3.2). | LOW | 3.2 | 0.0% | 16 |
No patch
|