639
CVEs
65
Critical
202
High
15
KEV
49
PoC
244
Unpatched C/H
6.7%
Patch Rate
3.4%
Avg EPSS
Severity Breakdown
CRITICAL
65
HIGH
202
MEDIUM
335
LOW
37
Monthly CVE Trend
Affected Products (30)
Fortios
164
Fortiweb
83
Fortiproxy
72
Fortimanager
52
Forticlient
42
Fortianalyzer
37
Fortisandbox
23
Fortipam
19
Fortiwlm
19
Fortinet Antivirus
17
Fortimanager Cloud
17
Fortiportal
16
Fortiadc
16
Fortisiem
14
Fortimail
14
Fortimanager Firmware
14
Panda Antivirus
13
Fortiauthenticator
13
Fortivoice
12
Rising Antivirus
12
Fortianalyzer Firmware
11
Esafe
11
Fortianalyzer Cloud
10
Kaspersky Anti Virus
10
Fortiswitchmanager
10
Fortirecorder
9
Gateway
9
Fortiswitch
9
Fortisoar
9
Open Redirect
9
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2025-64446 | Fortinet FortiWeb contains a relative path traversal allowing unauthenticated attackers to execute administrative commands through crafted HTTP/HTTPS requests. | CRITICAL | 9.8 | 88.2% | 222 |
KEV
PoC
No patch
|
| CVE-2024-55591 | FortiOS and FortiProxy contain an authentication bypass via the Node.js websocket module allowing unauthenticated remote attackers to gain super-admin privileges through crafted requests. | CRITICAL | 9.8 | 94.2% | 213 |
KEV
PoC
No patch
|
| CVE-2025-58034 | Fortinet FortiWeb contains an authenticated OS command injection allowing privilege escalation to execute unauthorized commands on the web application firewall. | HIGH | 7.2 | 50.7% | 172 |
KEV
PoC
No patch
|
| CVE-2016-1909 | Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and FortiOS 4.1.x before 4.1.11, 4.2.x before 4.2.16, 4.3.x before 4.3.17. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 78.6%. | CRITICAL | 9.8 | 78.6% | 148 |
PoC
No patch
|
| CVE-2016-6909 | Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 63.4%. | CRITICAL | 9.8 | 63.4% | 132 |
PoC
No patch
|
| CVE-2026-21643 | A product has a SQL injection vulnerability enabling unauthenticated database compromise through improperly neutralized SQL commands. | CRITICAL | 9.8 | 0.0% | 124 |
KEV
PoC
No patch
|
| CVE-2026-35616 | Remote code execution in Fortinet FortiClientEMS versions 7.4.5 through 7.4.6 allows unauthenticated attackers to execute arbitrary code via crafted network requests. The vulnerability stems from improper access control (CWE-284) and requires no user interaction or privileges (CVSS PR:N). With a CVSS score of 9.1 (Critical) and low attack complexity, this represents a severe exposure for organizations using affected FortiClientEMS versions. The CVSS temporal metrics indicate functional exploit code exists (E:F) with an official fix available (RL:O), making this a high-priority patching target despite no confirmed active exploitation (not present in CISA KEV). | CRITICAL | 9.8 | 0.0% | 124 |
KEV
PoC
No patch
|
| CVE-2025-25256 | An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 44.9% and no vendor patch available. | CRITICAL | 9.8 | 44.9% | 114 |
PoC
No patch
|
| CVE-2026-24858 | Fortinet FortiAnalyzer and FortiManager contain a critical authentication bypass vulnerability (CVE-2026-24858, CVSS 9.8) that allows unauthenticated remote attackers to gain administrative access through an alternate authentication path. With EPSS 2.8% but KEV listing confirming active exploitation, this vulnerability threatens the security management infrastructure that organizations rely on to protect their networks. | CRITICAL | 9.8 | 2.8% | 112 |
KEV
No patch
|
| CVE-2025-59718 | Authentication bypass in Fortinet FortiOS, FortiProxy, and FortiSwitchManager allows unauthenticated remote attackers to defeat FortiCloud SSO login by submitting a crafted SAML response, due to improper verification of the response's cryptographic signature. The flaw is confirmed actively exploited (CISA KEV), with Arctic Wolf observing malicious SSO logins in the wild, and EPSS rates it at the 93rd percentile of likelihood. Combined with a 9.8 CVSS score and CWE-347 root cause, this is a top-priority patching target for any organization running affected Fortinet management planes. | CRITICAL | 9.8 | 9.5% | 108 |
KEV
No patch
|
| CVE-2012-1461 | The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, Ikarus. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 83.9% and no vendor patch available. | MEDIUM | 4.3 | 83.9% | 105 |
No patch
|
| CVE-2012-1459 | The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 79.5% and no vendor patch available. | MEDIUM | 4.3 | 79.5% | 101 |
No patch
|
| CVE-2015-1880 | Cross-site scripting (XSS) vulnerability in the sslvpn login page in Fortinet FortiOS 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 59.4%. | MEDIUM | 4.3 | 59.4% | 101 |
PoC
No patch
|
| CVE-2025-24472 | FortiOS and FortiProxy contain an authentication bypass allowing unauthenticated attackers with knowledge of upstream/downstream device serial numbers to gain super-admin privileges on downstream devices. | HIGH | 8.1 | 10.1% | 101 |
KEV
No patch
|
| CVE-2012-1453 | The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 78.5% and no vendor patch available. | MEDIUM | 4.3 | 78.5% | 100 |
No patch
|