
Fortinet

Vendor security scorecard – 11 CVEs in the selected period

Risk score: 53
CVEs: 11
Critical: 2
High: 2
KEV (CISA Known Exploited Vulnerabilities): 0
Public PoC: 0
Unpatched Critical/High: 4
Patch rate: 0.0%
Average EPSS: 0.0%

Severity Breakdown

CRITICAL: 2
HIGH: 2
MEDIUM: 6
LOW: 1

Monthly CVE Trend

Top Risky CVEs

Columns: CVE | Severity | CVSS | EPSS | Priority | Signals, each followed by the summary.

CVE-2026-26083 | CRITICAL | CVSS 9.8 | EPSS 0.0% | Priority 49 | Signals: No patch
Remote code execution in Fortinet FortiSandbox 4.4.x through 5.0.x (on-premises, Cloud, and PaaS deployments) allows unauthenticated attackers to execute arbitrary code or commands via crafted HTTP requests. The flaw is classified as missing authorization (CWE-862) and affects sandbox analysis appliances across multiple deployment models, with a CVSS 9.8 (critical) rating. Fortinet has published vendor advisory FG-IR-26-136. No CISA KEV listing or public PoC was identified at the time of analysis, but low attack complexity (AC:L) over the network with no authentication (PR:N) means exploitability will be high once technical details emerge.

CVE-2026-44277 | CRITICAL | CVSS 9.8 | EPSS 0.0% | Priority 49 | Signals: No patch
Critical unauthenticated access control bypass in Fortinet FortiAuthenticator versions 6.5.0-6.5.6, 6.6.0-6.6.8, 8.0.0, and 8.0.2 enables remote code execution without authentication. The CVSS 9.8 vector AV:N/AC:L/PR:N/UI:N indicates exploitation over the network with low complexity and no authentication or user interaction. The vendor advisory (FG-IR-26-128) confirms the vulnerability, but the CVE record's description still contains the placeholder '<insert attack vector here>', so the attack vector has not yet been published in CVE records and the advisory should be consulted directly. No public exploit code or active exploitation was confirmed at the time of analysis; the unauthenticated nature of the bypass and the near-maximum CVSS score make this a priority patching target for organizations running FortiAuthenticator.

CVE-2025-53844 | HIGH | CVSS 8.8 | EPSS 0.0% | Priority 44 | Signals: No patch
Remote code execution in Fortinet FortiOS 7.2.0-7.2.11, 7.4.0-7.4.8, and 7.6.0-7.6.3 allows authenticated attackers to execute arbitrary code via malformed network packets. The out-of-bounds write (CWE-787) affects FortiOS firewall appliances and requires only low-privilege credentials to exploit over the network. Fortinet published advisory FG-IR-26-123 confirming the vulnerability. No CISA KEV listing or public exploit code was identified at the time of analysis; the network attack vector with low complexity (AV:N/AC:L) suggests moderate weaponization potential once details emerge, with the credential requirement as the main limiting factor.

CVE-2025-53681 | HIGH | CVSS 7.2 | EPSS 0.1% | Priority 36 | Signals: No patch
SQL injection in FortiMail 7.2.0-7.2.8, 7.4.0-7.4.5, and 7.6.0-7.6.3 allows authenticated, privileged administrators to execute arbitrary code or commands via crafted HTTP/HTTPS requests. Exploitation requires an administrator-role account and is reachable over the network through the administrative web interface; all recent major versions are affected.

CVE-2025-53680 | MEDIUM | CVSS 6.7 | EPSS 0.1% | Priority 34 | Signals: No patch
OS command injection in Fortinet FortiAP, FortiAP-U, and FortiAP-W2 allows authenticated, privileged attackers to execute arbitrary code via maliciously crafted CLI requests. Affected versions span FortiAP 6.4 through 7.6.2, FortiAP-U 6.2 through 7.0.5, and FortiAP-W2 7.0 through 7.4.4. Exploitation requires high-privilege administrative access and local CLI interaction, which limits exposure to malicious insiders or already-compromised management access. The medium CVSS score reflects the high impact (code execution with full system privileges) constrained by the authentication and local-access requirements.

CVE-2025-53870 | MEDIUM | CVSS 6.7 | EPSS 0.1% | Priority 34 | Signals: No patch
OS command injection in Fortinet FortiAP and FortiAP-W2 access points allows authenticated administrators to execute arbitrary code or commands via specially crafted CLI commands. Affected versions span FortiAP 6.4 through 7.6.2 and FortiAP-W2 7.0 through 7.4.4. Exploitation requires high-privilege administrative access but no user interaction, so a rogue administrator or an account with compromised credentials can exploit it. No public exploit code or active exploitation has been identified at the time of analysis.

CVE-2026-44279 | MEDIUM | CVSS 5.5 | EPSS 0.0% | Priority 28 | Signals: No patch
Improper export of Android application components in Fortinet FortiToken Android 5.2, 6.1, and 6.2 allows local authenticated attackers to gain unauthorized access to sensitive information via exposed application components that lack proper access control. The attack vector is local, requires only low privileges, and needs no user interaction. No public exploit code has been identified, and the vulnerability is not listed in active exploitation databases at the time of analysis.

CVE-2026-25088 | MEDIUM | CVSS 5.4 | EPSS 0.0% | Priority 27 | Signals: No patch
SQL injection in Fortinet FortiNDR 7.0 through 7.6.2 allows authenticated attackers to execute unauthorized code or commands via crafted HTTP requests. The vulnerability affects multiple versions across the 7.x branch. Its CVSS temporal vector carries E:P (Exploit Code Maturity: Proof-of-Concept), which is a CVSS temporal modifier rather than an EPSS value; it signals that proof-of-concept code may exist even though this scorecard records no public PoC, so treat the attack as feasible despite the moderate score (5.4 base; 5.1 once the E:P modifier is applied). Patch availability and active exploitation status require confirmation from the vendor advisory.

CVE-2025-67604 | MEDIUM | CVSS 5.3 | EPSS 0.2% | Priority 27 | Signals: No patch
Denial of service in Fortinet FortiAnalyzer and FortiManager 6.4 through 7.6.4 allows authenticated attackers to trigger system hangs via specially crafted HTTP requests that exploit a use of a potentially dangerous function (CWE-676). The hang occurs only when internal lock alignment conditions are met, so exploitation depends on timing and system state rather than on attacker control. The medium CVSS score reflects high attack complexity offsetting the availability impact; active exploitation is not confirmed.

CVE-2026-25690 | MEDIUM | CVSS 4.3 | EPSS 0.0% | Priority 22 | Signals: No patch
Argument injection in Fortinet FortiDeceptor 5.0 through 6.0.2 allows authenticated administrators with read-only permissions to read arbitrary log files via crafted HTTP requests, exposing sensitive system and audit logs. A valid administrator account is required, but a read-only one suffices, so the flaw is reachable from the lowest-privileged administrative role. No public exploit code or active exploitation has been confirmed at the time of analysis.

CVE-2026-44278 | LOW | CVSS 2.3 | EPSS 0.0% | Priority 12 | Signals: No patch
Fortinet FortiClient Windows 7.2 (all releases) and 7.4.0 through 7.4.2 contain a hard-coded cryptographic key that allows high-privileged local attackers to disclose sensitive information. Exploitation requires local access with administrator-level privileges, which limits real-world exposure to attackers already present on a compromised system or to malicious insiders. No public exploit code or active exploitation has been confirmed at the time of analysis.
