Category: Fortinet PSIRT Advisories

CVSSv3 Score: 4.2 An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability [CWE-80] in FortiADC virtual server’s default error page may allow an unauthenticated attacker to execute...

CVSSv3 Score: 7.1 A Heap-based Buffer Overflow vulnerability [CWE-122] in FortiClient Windows may allow an authenticated local IPSec user to execute arbitrary code or commands via “fortips_74.sys” driver. The...

CVSSv3 Score: 3.9 A CRLF Header Injection vulnerability [CWE-93] in FortiMail user GUI may allow an attacker to inject headers in the response via convincing a user to click on a specifically crafted link Revised on 2025-11-18...

CVSSv3 Score: 3.8 A Cleartext Storage of Sensitive Information in Memory vulnerability [CWE-316] in FortiPAM may allow an authenticated attacker with read-write admin privileges to the CLI to obtain other administrators’...

CVSSv3 Score: 5.0 An Improper Isolation or Compartmentalization vulnerability [CWE-653] in FortiSandbox may allow an unauthenticated attacker to evade the sandboxing scan via a crafted file. Revised on 2025-11-18...

CVSSv3 Score: 5.2 An insufficiently protected credentials vulnerability [CWE-522] in FortiExtender may allow an authenticated user to obtain administrator credentials via debug log commands. Revised on 2025-11-18...

CVSSv3 Score: 3.9 An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in FortiADC Logs may allow an admin with read-only permission to get the external resources password via the logs of the...

CVSSv3 Score: 4.9 An active debug code vulnerability [CWE-489] in FortiClientWindows may allow a local attacker to run the application step by step and retrieve the saved VPN user password Revised on 2025-11-18...

CVSSv3 Score: 6.3 An Out-of-bounds Write vulnerability [CWE-787] in FortiADC may allow an authenticated attacker to execute arbitrary code via specially crafted HTTP requests. Revised on 2025-11-18...

CVSSv3 Score: 6.3 A buffer overflow vulnerability [CWE-120] in FortiExtender json_cli may allow an authenticated user to execute arbitrary code or commands via crafted CLI commands. Revised on 2025-11-18...

CVSSv3 Score: 6.9 A stack-based overflow vulnerability [CWE-124] in FortiOS CAPWAP daemon may allow a remote unauthenticated attacker on an adjacent network to achieve arbitrary code execution via sending specially crafted...

CVSSv3 Score: 7.7 An improper neutralization of special elements used in an SQL Command (‘SQL Injection’) vulnerability [CWE-89] in FortiVoice may allow an authenticated attacker to execute unauthorized code or...