| CVEs | Critical | High | KEV | PoC | Unpatched Critical/High | Patch Rate | Avg EPSS |
|---|---|---|---|---|---|---|---|
| 170 | 13 | 55 | 7 | 6 | 68 | 0.0% | 2.6% |
Severity Breakdown

| Severity | Count |
|---|---|
| CRITICAL | 13 |
| HIGH | 55 |
| MEDIUM | 80 |
| LOW | 22 |

Monthly CVE Trend: chart only, no data reproduced on this page.
Affected Products (30)

The tag list below mixes product names with weakness classes (Command Injection, Stack Overflow, Integer Overflow, Heap Overflow) and platform tags (Windows, LDAP); counts are CVEs carrying that tag, so one CVE can appear under several tags.

| Tag | CVEs |
|---|---|
| FortiOS | 41 |
| FortiManager | 27 |
| FortiWeb | 26 |
| Command Injection | 21 |
| FortiAnalyzer | 20 |
| FortiProxy | 18 |
| FortiManager Cloud | 16 |
| FortiClient | 11 |
| FortiVoice | 10 |
| FortiAnalyzer Cloud | 10 |
| Stack Overflow | 10 |
| FortiRecorder | 8 |
| Windows | 8 |
| FortiSASE | 6 |
| FortiSandbox | 5 |
| FortiMail | 5 |
| FortiClientEMS | 5 |
| FortiPAM | 5 |
| FortiSIEM | 4 |
| FortiPortal | 4 |
| FortiADC | 4 |
| FortiSwitchManager | 3 |
| FortiDeceptor | 3 |
| Integer Overflow | 3 |
| Heap Overflow | 2 |
| LDAP | 2 |
| FortiIsolator | 2 |
| FortiNDR | 2 |
| FortiAnalyzer Big Data | 2 |
| FortiCamera Firmware | 2 |
Top Risky CVEs

| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-35616 | Remote code execution in Fortinet FortiClientEMS versions 7.4.5 through 7.4.6 allows unauthenticated attackers to execute arbitrary code via crafted network requests. The flaw stems from improper access control (CWE-284) and needs no user interaction or privileges (CVSS PR:N) with low attack complexity. The temporal metrics indicate functional exploit code exists (E:F). The original summary quoted a 9.1 base score, an official fix (RL:O) and no CISA KEV listing, which conflicts with this row's 9.8 score and its KEV and No-patch signals; confirm against the vendor advisory before scheduling remediation. | CRITICAL | 9.8 | 0.0% | 124 | KEV, PoC, No patch |
| CVE-2026-24858 | Fortinet FortiAnalyzer and FortiManager contain a critical authentication bypass that allows unauthenticated remote attackers to gain administrative access through an alternate authentication path. EPSS is only 2.8%, but the KEV listing confirms active exploitation, and the affected systems are the management plane organizations rely on to protect their networks. | CRITICAL | 9.8 | 2.8% | 112 | KEV, No patch |
| CVE-2025-24472 | FortiOS and FortiProxy contain an authentication bypass allowing unauthenticated attackers with knowledge of upstream/downstream device serial numbers to gain super-admin privileges on downstream devices. | HIGH | 8.1 | 10.1% | 101 | KEV, No patch |
| CVE-2025-64155 | Fortinet FortiSIEM 6.7.0 through 7.4.0 has OS command injection via crafted TCP requests. Because it is the SIEM, compromise gives attackers access to all security logs and the ability to suppress alerts. PoC available. | CRITICAL | 9.8 | 0.0% | 69 | PoC, No patch |
| CVE-2026-21643 | SQL injection through improperly neutralized SQL commands, enabling unauthenticated database compromise; the affected product is not named in this summary. | CRITICAL | 9.8 | 0.0% | 54 | No patch |
| CVE-2025-47855 | Fortinet FortiFone 7.0.0-7.0.1 and 3.0.13-3.0.23 allows unauthenticated attackers to download the complete device configuration via crafted HTTP/HTTPS requests. Configuration files contain credentials and network settings. | CRITICAL | 9.8 | 1.2% | 50 | No patch |
| CVE-2024-48887 | An unverified password change vulnerability in the Fortinet FortiSwitch GUI may allow a remote unauthenticated attacker to change admin passwords via a specially crafted request. Rated critical (CVSS 9.8): remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | CRITICAL | 9.8 | 0.4% | 49 | No patch |
| CVE-2024-55590 | Fortinet FortiIsolator versions 2.4.0 through 2.4.5 are affected by OS command injection (CVSS 8.8). | HIGH | 8.8 | 0.4% | 44 | No patch |
| CVE-2024-50562 | An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL-VPN version 7.6.0, version 7.4.6 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions may allow an attacker in possession of a cookie used to log in to the SSL-VPN portal to log in again, although the session has expired or was logged out. | MEDIUM | 4.8 | 0.4% | 44 | PoC, No patch |
| CVE-2024-46662 | An improper neutralization of special elements used in a command ('command injection') in Fortinet FortiManager versions 7.4.1 through 7.4.3 and FortiManager Cloud versions 7.4.1 through 7.4.3 allows. Rated high (CVSS 8.8): remotely exploitable, low attack complexity. No vendor patch available. | HIGH | 8.8 | 0.3% | 44 | No patch |
| CVE-2024-52961 | An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in Fortinet FortiSandbox 5.0.0, FortiSandbox 4.4.0 through 4.4.6, FortiSandbox 4.2.1 through 4.2.7, FortiSandbox 4.0.0 through 4.0.5, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests. [CVSS 8.8 HIGH] | HIGH | 8.8 | 0.2% | 44 | No patch |
| CVE-2025-52436 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an unauthenticated attacker to execute commands via crafted requests. [CVSS 8.8 HIGH] | HIGH | 8.8 | 0.2% | 44 | No patch |
| CVE-2024-35279 | A stack-based buffer overflow [CWE-121] vulnerability in Fortinet FortiOS version 7.2.4 through 7.2.8 and version 7.4.0 through 7.4.4 allows a remote unauthenticated attacker to execute arbitrary. Rated high (CVSS 8.1): remotely exploitable, no authentication required. No vendor patch available. | HIGH | 8.1 | 3.6% | 44 | No patch |
| CVE-2024-40591 | An incorrect privilege assignment vulnerability [CWE-266] in Fortinet FortiOS version 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.9 and before 7.0.15 allows an authenticated admin whose access. Rated high (CVSS 8.8): remotely exploitable, low attack complexity. No vendor patch available. | HIGH | 8.8 | 0.1% | 44 | No patch |
| CVE-2026-22627 | Fortinet FortiSwitchAXFixed versions 1.0.0 through 1.0.1 are affected by a classic buffer overflow (CVSS 8.8). | HIGH | 8.8 | 0.0% | 44 | No patch |
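Added example, not code from this page or from Fortinet: the summaries above express affected versions in a handful of phrasings ("7.2.4 through 7.2.8", "7.4.6 and below", "before 7.0.15", "7.0 all versions", a bare "7.6.0", "7.0.0-7.0.1"). The script below parses those phrasings into ranges, checks a constructed device inventory against rows lifted from the table, and orders the hits KEV first, then public PoC, then CVSS. The hostnames and builds, the triage order, and the reading of "X.Y.Z and below" / "before X.Y.Z" as bounded to the X.Y release train are assumptions made here, not statements from the page.

```python
"""Exposure check for the affected-version phrases used in the table above.
Added example; hostnames, builds and the triage order are assumptions."""
import re
from dataclasses import dataclass
from typing import Optional

Version = tuple[int, ...]


def parse_version(text: str) -> Version:
    """'7.4.3' -> (7, 4, 3). Inventory entries should use full X.Y.Z builds."""
    return tuple(int(p) for p in text.strip().split("."))


@dataclass(frozen=True)
class VersionRange:
    """One affected-version clause. ASSUMPTION: 'X.Y.Z and below' and 'before
    X.Y.Z' are bounded to the X.Y train (`branch`), since the advisories list
    each train as its own clause; `low`/`high` then bound the build number."""
    branch: Optional[Version] = None    # e.g. (7, 4): only 7.4.* can match
    low: Optional[Version] = None       # inclusive lower bound
    high: Optional[Version] = None      # upper bound, see high_inclusive
    high_inclusive: bool = True

    def contains(self, v: Version) -> bool:
        if self.branch is not None and v[: len(self.branch)] != self.branch:
            return False
        if self.low is not None and v < self.low:
            return False
        if self.high is not None:
            return v <= self.high if self.high_inclusive else v < self.high
        return True


_V = r"(\d+(?:\.\d+)+)"  # at least one dot, so a stray integer is not a version
_CLAUSE = re.compile(
    rf"{_V}\s*(?:through|-|versions\s+up\s+to)\s*{_V}"  # 7.2.4 through 7.2.8, 7.0.0-7.0.1
    rf"|{_V}\s+and\s+below"                              # 7.4.6 and below
    rf"|before\s+{_V}"                                   # before 7.0.15
    rf"|{_V}\s+all\s+versions"                           # 7.0 all versions
    rf"|{_V}",                                           # bare 7.6.0 (single release)
    re.IGNORECASE,
)


def parse_affected(text: str) -> list[VersionRange]:
    """Turn an advisory's affected-versions phrase into VersionRange objects."""
    ranges: list[VersionRange] = []
    for m in _CLAUSE.finditer(text):
        lo, hi, below, before, train, bare = m.groups()
        if lo:
            ranges.append(VersionRange(low=parse_version(lo), high=parse_version(hi)))
        elif below:
            v = parse_version(below)
            ranges.append(VersionRange(branch=v[:2], high=v))
        elif before:
            v = parse_version(before)
            ranges.append(VersionRange(branch=v[:2], high=v, high_inclusive=False))
        elif train:
            ranges.append(VersionRange(branch=parse_version(train)))
        else:
            v = parse_version(bare)
            ranges.append(VersionRange(low=v, high=v))
    return ranges


@dataclass(frozen=True)
class Advisory:
    cve: str
    product: str
    affected: str        # affected-versions phrase as given in the table's summary
    cvss: float
    kev: bool = False    # CISA KEV per the Signals column
    poc: bool = False    # public PoC per the Signals column


# Rows lifted from the table above; version phrases copied from the summaries.
ADVISORIES = [
    Advisory("CVE-2026-35616", "FortiClientEMS", "7.4.5 through 7.4.6", 9.8, kev=True),
    Advisory("CVE-2025-64155", "FortiSIEM", "6.7.0 through 7.4.0", 9.8, poc=True),
    Advisory("CVE-2024-50562", "FortiOS", "7.6.0, version 7.4.6 and below, "
             "version 7.2.10 and below, 7.0 all versions, 6.4 all versions", 4.8, poc=True),
    Advisory("CVE-2024-35279", "FortiOS", "7.2.4 through 7.2.8 and version 7.4.0 through 7.4.4", 8.1),
    Advisory("CVE-2024-40591", "FortiOS", "7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.9 "
             "and before 7.0.15", 8.8),
    Advisory("CVE-2024-52961", "FortiSandbox", "5.0.0, 4.4.0 through 4.4.6, 4.2.1 through 4.2.7, "
             "4.0.0 through 4.0.5, 3.2 all versions, 3.1 all versions, 3.0 all versions", 8.8),
    Advisory("CVE-2025-52436", "FortiSandbox", "5.0.0 through 5.0.1, 4.4.0 through 4.4.7, "
             "4.2 all versions, 4.0 all versions", 8.8),
]

# Constructed inventory for the example (hypothetical hostnames and builds).
INVENTORY = {
    "fw-edge-01": ("FortiOS", "7.4.3"),
    "fw-edge-02": ("FortiOS", "7.0.14"),
    "fw-lab-01": ("FortiOS", "7.6.1"),        # newer than every listed FortiOS build
    "sandbox-01": ("FortiSandbox", "4.4.7"),  # one build past CVE-2024-52961's range
    "siem-01": ("FortiSIEM", "7.3.2"),
    "ems-01": ("FortiClientEMS", "7.4.6"),
}


def exposure(inventory: dict, advisories: list[Advisory]) -> list[tuple[str, str]]:
    """(host, CVE) for every inventory entry inside an affected range, ordered
    KEV, then PoC, then CVSS descending (assumed triage order: exploitation
    evidence outranks the base score)."""
    hits = []
    for host, (product, build) in inventory.items():
        v = parse_version(build)
        for adv in advisories:
            if adv.product == product and any(r.contains(v) for r in parse_affected(adv.affected)):
                hits.append((host, adv))
    hits.sort(key=lambda h: (not h[1].kev, not h[1].poc, -h[1].cvss, h[0]))
    return [(host, adv.cve) for host, adv in hits]


if __name__ == "__main__":
    for host, cve in exposure(INVENTORY, ADVISORIES):
        print(f"{host:12s} {cve}")
```

Two details matter in practice. The bare-version clause only fires when none of the range phrasings match, so "7.6.0" in CVE-2024-40591 stays a single release and a 7.6.1 box is correctly reported clean; and FortiSandbox 4.4.7 is outside CVE-2024-52961 (4.4.0 through 4.4.6) but inside CVE-2025-52436 (4.4.0 through 4.4.7), which is exactly the off-by-one-build case a hand check tends to get wrong. Feed the regex only the affected-versions phrase: a CVE identifier such as CVE-2024-48887 contains no dotted number, but the hyphen alternative would happily pair two dotted versions that merely happen to sit near a dash.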