| Metric | Value |
|---|---|
| CVEs | 96 |
| Critical | 9 |
| High | 27 |
| KEV | 5 |
| PoC | 5 |
| Unpatched C/H | 36 |
| Patch Rate | 0.0% |
| Avg EPSS | 2.8% |
Severity Breakdown

| Severity | Count |
|---|---|
| CRITICAL | 9 |
| HIGH | 27 |
| MEDIUM | 48 |
| LOW | 12 |
Monthly CVE Trend (chart only; no data reproduced in the text)
Affected Products (30)

| Product / Tag | CVEs |
|---|---|
| Fortios | 41 |
| Fortimanager | 27 |
| Fortiweb | 26 |
| Command Injection | 21 |
| Fortianalyzer | 20 |
| Fortiproxy | 18 |
| Fortimanager Cloud | 16 |
| Forticlient | 11 |
| Fortivoice | 10 |
| Fortianalyzer Cloud | 10 |
| Stack Overflow | 10 |
| Fortirecorder | 8 |
| Windows | 8 |
| Fortisase | 6 |
| Fortisandbox | 5 |
| Fortimail | 5 |
| Forticlientems | 5 |
| Fortipam | 5 |
| Fortisiem | 4 |
| Fortiportal | 4 |
| Fortiadc | 4 |
| Fortiswitchmanager | 3 |
| Fortideceptor | 3 |
| Integer Overflow | 3 |
| Heap Overflow | 2 |
| Ldap | 2 |
| Fortiisolator | 2 |
| Fortindr | 2 |
| Fortianalyzer Big Data | 2 |
| Forticamera Firmware | 2 |
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-35616 | Remote code execution in Fortinet FortiClientEMS versions 7.4.5 through 7.4.6 allows unauthenticated attackers to execute arbitrary code via crafted network requests. The vulnerability stems from improper access control (CWE-284) and requires no user interaction or privileges (CVSS PR:N). With a CVSS score of 9.1 (Critical) and low attack complexity, this represents a severe exposure for organizations using affected FortiClientEMS versions. The CVSS temporal metrics indicate functional exploit code exists (E:F) with an official fix available (RL:O), making this a high-priority patching target despite no confirmed active exploitation (not present in CISA KEV). | CRITICAL | 9.8 | 0.0% | 124 | KEV, PoC, No patch |
| CVE-2026-24858 | Fortinet FortiAnalyzer and FortiManager contain a critical authentication bypass vulnerability (CVE-2026-24858, CVSS 9.8) that allows unauthenticated remote attackers to gain administrative access through an alternate authentication path. With EPSS 2.8% but KEV listing confirming active exploitation, this vulnerability threatens the security management infrastructure that organizations rely on to protect their networks. | CRITICAL | 9.8 | 2.8% | 112 | KEV, No patch |
| CVE-2025-64155 | Fortinet FortiSIEM (6.7.0 through 7.4.0) has OS command injection via crafted TCP requests. As a SIEM, compromise gives attackers access to all security logs and the ability to suppress alerts. PoC available. | CRITICAL | 9.8 | 0.0% | 69 | PoC, No patch |
| CVE-2026-21643 | A product has a SQL injection vulnerability enabling unauthenticated database compromise through improperly neutralized SQL commands. | CRITICAL | 9.8 | 0.0% | 54 | No patch |
| CVE-2025-47855 | Fortinet FortiFone 7.0.0-7.0.1 and 3.0.13-3.0.23 allows unauthenticated attackers to download the complete device configuration via crafted HTTP/HTTPS requests. Configuration files contain credentials and network settings. | CRITICAL | 9.8 | 1.2% | 50 | No patch |
| CVE-2024-50562 | An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL-VPN version 7.6.0, version 7.4.6 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions may allow an attacker in possession of a cookie used to log in to the SSL-VPN portal to log in again, although the session has expired or was logged out. | MEDIUM | 4.8 | 0.4% | 44 | PoC, No patch |
| CVE-2025-52436 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an unauthenticated attacker to execute commands via crafted requests. [CVSS 8.8 HIGH] | HIGH | 8.8 | 0.2% | 44 | No patch |
| CVE-2026-22627 | Fortinet FortiSwitchAXFixed versions 1.0.0 up to 1.0.1 are affected by a classic buffer overflow (CVSS 8.8). | HIGH | 8.8 | 0.0% | 44 | No patch |
| CVE-2025-64157 | A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0 all versions allows an authenticated admin to execute unauthorized code or commands via specifically crafted configuration. [CVSS 6.7 MEDIUM] | MEDIUM | 6.7 | 0.0% | 44 | No patch |
| CVE-2026-24017 | Fortinet FortiWeb versions 7.0 through 8.0.2 contain an improper rate-limiting flaw that allows unauthenticated remote attackers to bypass authentication attempt restrictions through crafted requests. This vulnerability enables attackers to conduct brute-force password attacks against FortiWeb instances with reduced constraints, with success dependent on attacker resources and target password complexity. No patch is currently available for affected versions. | HIGH | 8.1 | 0.1% | 41 | No patch |
| CVE-2025-54820 | A Stack-based Buffer Overflow vulnerability [CWE-121] in Fortinet FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.10, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to execute unauthorized commands via crafted requests, if the service is enabled. [CVSS 8.1 HIGH] | HIGH | 8.1 | 0.0% | 41 | No patch |
| CVE-2026-22153 | FortiOS versions up to 7.6.4 contain a vulnerability that allows an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FS (CVSS 8.1). | HIGH | 8.1 | 0.0% | 41 | No patch |
| CVE-2025-25249 | A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4 all versions, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows an attacker to execute unauthorized code or commands via specially crafted packets. [CVSS 8.1 HIGH] | HIGH | 8.1 | 0.0% | 41 | No patch |
| CVE-2025-55018 | An inconsistent interpretation of HTTP requests ('HTTP request smuggling') vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4.3 through 6.4.16 may allow an unauthenticated attacker to smuggle an unlogged HTTP request through the firewall policies via a specially crafted header. [CVSS 5.8 MEDIUM] | MEDIUM | 5.8 | 0.1% | 39 | No patch |
| CVE-2026-24018 | Fortinet FortiClientLinux versions 7.4.0 up to 7.4.4 contain a vulnerability that allows a local, unprivileged user to escalate their privileges to root (CVSS 7.8). | HIGH | 7.8 | 0.0% | 39 | No patch |