These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-44279 is a MEDIUM-severity vulnerability affecting Fortinet FortiTokenAndroid versions 5.2, 6.1, and 6.2. An improper export of android application components vulnerability may allow attackers to disclose information via an exported Content Provider URI. The vulnerability was published on May 12, 2026, and modified on June 26, 2026. The CVSS score is 5.5. Fortinet has provided a vendor advisory f [truncated]
A critical improper access control vulnerability in Fortinet FortiAuthenticator allows unauthenticated remote attackers to execute unauthorized code or commands via crafted network requests. The vulnerability affects multiple versions across the 6.5, 6.6, and 8.0 release branches, with patches available in versions 6.5.7, 6.6.9, and 8.0.3 respectively. The CVSS 3.1 score of 9.8 reflects network attack vec [truncated]
Fortinet FortiDeceptor contains an argument injection vulnerability (CWE-88) in HTTP request handling for log file access. An authenticated attacker with read-only admin privileges can craft malicious HTTP requests to read arbitrary log files on affected systems. The vulnerability stems from improper neutralization of argument delimiters in command execution contexts. This is a medium-severity information [truncated]
Fortinet disclosed a SQL injection vulnerability (CWE-89) in its FortiNDR network detection and response platform on 12 May 2026, with subsequent modification on 18 May 2026. The flaw affects multiple FortiNDR release trains: versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.9, and all versions of 7.2, 7.1, and 7.0. An authenticated attacker can exploit this weakness via specially crafted HTTP requests to e [truncated]
CVE-2025-53844 is an out-of-bounds write vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11. This vulnerability allows an attacker to execute unauthorized code or commands via specially crafted packets. The CVSS score for this vulnerability is 8.8, indicating a high severity.
A critical path traversal vulnerability, tracked as CVE-2026-39813, has been identified in Fortinet FortiSandbox versions 5.0.0 through 5.0.5 and 4.4.0 through 4.4.8. This vulnerability allows attackers to escalate privileges via specially crafted HTTP requests. The CVSS score for this vulnerability is 9.8, indicating a critical severity level. Organizations using affected versions of FortiSandbox should [truncated]
CVE-2026-21643 affects Fortinet FortiClient EMS and is publicly listed by CISA in the Known Exploited Vulnerabilities catalog, indicating observed exploitation and a need for prompt defensive action. The supplied corpus identifies the issue as an SQL injection vulnerability, but does not provide affected version ranges or deeper technical detail. Because it is on the KEV list, organizations should treat r [truncated]
CVE-2026-35616 affects Fortinet FortiClient EMS and is described as an improper access control vulnerability. CISA added it to the Known Exploited Vulnerabilities catalog on 2026-04-06, which means federal and enterprise defenders should treat it as actively exploited and prioritize remediation. The supplied corpus does not include vendor advisory details or a technical root-cause writeup, so defenders sh [truncated]
CVE-2026-24858 is a Fortinet authentication bypass vulnerability affecting multiple products and identified by CISA as known to be exploited in the wild. CISA added it to the Known Exploited Vulnerabilities catalog on 2026-01-27 with a remediation due date of 2026-01-30, making this a near-term priority for exposed Fortinet deployments. Fortinet and CISA advise organizations to assess exposure, apply vend [truncated]
CVE-2025-59718 is a Fortinet vulnerability in multiple products involving improper verification of a cryptographic signature. CISA added it to the Known Exploited Vulnerabilities catalog on 2025-12-16 with a remediation due date of 2025-12-23, so defenders should treat it as an urgent remediation item. Because the available corpus is limited to the CVE title and KEV metadata, this debrief focuses on defen [truncated]
CVE-2025-59719 is a critical, network-exploitable authentication-bypass issue described as improper verification of a cryptographic signature in a SAML response. The supplied CVE text says an unauthenticated attacker could bypass FortiCloud SSO login authentication by sending a crafted SAML response message. Because the supplied source corpus is internally inconsistent about the affected product, this ite [truncated]
CVE-2025-58413 is described in the supplied advisory corpus as a high-severity stack-based buffer overflow associated with Siemens RUGGEDCOM APE1808. The source metadata says the flaw can allow unauthorized code or commands via specially crafted packets, and the advisory was first published on 2025-05-13 with later republication updates through 2026-02-12. The corpus also contains an internal mismatch: th [truncated]
CVE-2025-58034 is a Fortinet FortiWeb OS command injection vulnerability that CISA lists in the Known Exploited Vulnerabilities (KEV) catalog. KEV inclusion means defenders should treat this as a high-priority issue, verify whether FortiWeb is deployed in their environment, and follow vendor and CISA guidance as soon as possible.
CVE-2025-64446 is a Fortinet FortiWeb path traversal vulnerability that CISA added to its Known Exploited Vulnerabilities (KEV) catalog on 2025-11-14. The official sources in this corpus identify the affected product family and the vulnerability class, but they do not include additional technical detail or a CVSS score. Because it is in KEV, defenders should treat it as an urgent remediation item and foll [truncated]
CVE-2025-25257 is a Fortinet FortiWeb SQL injection vulnerability that CISA added to the Known Exploited Vulnerabilities catalog on 2025-07-18. That KEV status means defenders should treat it as a high-priority issue even though the supplied corpus does not include CVSS data or affected-version details.
CVE-2019-6693 is a Fortinet FortiOS vulnerability involving hard-coded credentials. CISA lists it in the Known Exploited Vulnerabilities catalog and marks it as associated with known ransomware campaign use, so exposed FortiOS systems should be treated as urgent remediation targets. Follow Fortinet's vendor guidance and CISA's required-action guidance immediately; if mitigations are unavailable, CISA advi [truncated]
CVE-2025-32756 is a Fortinet multiple-products stack-based buffer overflow vulnerability that CISA listed in the Known Exploited Vulnerabilities catalog on 2025-05-14. The public record confirms the issue name and the fact that it is known to be exploited, but the supplied sources do not provide affected product versions, exploit details, or vendor remediation specifics. Treat this as a high-priority expo [truncated]
CVE-2025-24472 is a Fortinet FortiOS and FortiProxy authentication bypass vulnerability. CISA added it to the Known Exploited Vulnerabilities catalog on 2025-03-18 and marked it as associated with known ransomware campaign use, so affected deployments should be treated as urgent.
The supplied CISA CSAF advisory for CVE-2025-58325 describes a CWE-684 "Incorrect Provision of Specified Functionality" issue with an 8.2 High CVSS score. In the CVE text, a local authenticated attacker with high privileges can execute system commands through crafted CLI commands. The same source corpus also associates the CVE with Siemens RUGGEDCOM APE1808, but the vulnerability description and remediati [truncated]
CVE-2024-48884 is described as a path traversal issue that can let an attacker trigger privilege escalation with specially crafted packets. The supplied advisory corpus is internally inconsistent, however: the CVE text names Fortinet products, while the source advisory metadata is filed under Siemens RUGGEDCOM APE1808. Treat the CVE as high priority, but verify the affected product mapping before taking r [truncated]
CVE-2024-55591 is a Fortinet FortiOS and FortiProxy authentication bypass vulnerability that CISA added to the Known Exploited Vulnerabilities catalog on 2025-01-14. Because it is a KEV-listed issue and marked as having known ransomware campaign use, organizations should treat it as an urgent remediation priority and follow Fortinet’s vendor guidance immediately.
CVE-2024-47575 is a Fortinet FortiManager missing authentication vulnerability that CISA added to the Known Exploited Vulnerabilities catalog on 2024-10-23. Because it is KEV-listed, defenders should treat it as a high-priority issue. The supplied corpus does not include vendor remediation specifics beyond CISA’s instruction to apply mitigations per vendor guidance or discontinue use of the product if mit [truncated]
CVE-2024-23113 is a Fortinet multiple-products format string vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2024-10-09. That KEV listing means defenders should treat it as a high-priority issue. The supplied corpus does not include Fortinet’s full advisory text or affected version list, so remediation should follow the vendor guidance referenced by CISA and be applied acro [truncated]
CVE-2023-48788 is a Fortinet FortiClient EMS SQL injection vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2024-03-25. The KEV entry marks it as actively exploited and notes known ransomware campaign use, so this issue should be treated as an urgent remediation item rather than a routine patch. CISA’s guidance is to apply vendor mitigations or discontinue use of the product [truncated]
CVE-2024-21762 is a Fortinet FortiOS out-of-bound write vulnerability that CISA added to the Known Exploited Vulnerabilities catalog on 2024-02-09. Because it is listed as known exploited, defenders should treat it as urgent and follow vendor mitigation guidance as soon as possible. CISA also marks it as associated with known ransomware campaign use.
CVE-2023-27997 is a heap-based buffer overflow in Fortinet FortiOS and FortiProxy SSL-VPN. CISA added it to the Known Exploited Vulnerabilities catalog on 2023-06-13 and set a remediation due date of 2023-07-04. Because it is publicly tracked as known exploited and flagged for known ransomware campaign use, it should be treated as an immediate patch-and-verify priority for any organization operating the a [truncated]
CVE-2022-41328 is a Fortinet FortiOS path traversal vulnerability that CISA added to the Known Exploited Vulnerabilities catalog on 2023-03-14. Because it is listed in KEV, defenders should treat it as a real-world exploited issue and prioritize vendor-guided remediation.
CVE-2022-42475 is a Fortinet FortiOS heap-based buffer overflow that CISA added to the Known Exploited Vulnerabilities catalog on 2022-12-13. The KEV listing indicates known exploitation, and CISA also marks the issue as having known ransomware campaign use. Organizations running FortiOS should treat this as an urgent patching and exposure-reduction priority.
CVE-2022-40684 is a Fortinet authentication bypass vulnerability affecting multiple products. CISA added it to the Known Exploited Vulnerabilities catalog on 2022-10-11, indicating active exploitation, and also marked it as associated with known ransomware campaign use. Fortinet and CISA both direct defenders to apply vendor updates and follow vendor remediation guidance.
CVE-2018-13374 is an improper access control issue affecting Fortinet FortiOS and FortiADC. In the supplied official records dated 2022-09-08, CISA lists the issue in its Known Exploited Vulnerabilities catalog, which means it is known to be actively exploited. CISA also marks the vulnerability as associated with known ransomware campaign use and directs organizations to apply updates per vendor instructions.
CVE-2018-13383 is an out-of-bounds write affecting Fortinet FortiOS and FortiProxy. CISA added it to the Known Exploited Vulnerabilities catalog on 2022-01-10 and marked known ransomware campaign use as "Known". Defenders should prioritize the vendor-recommended update path and verify that affected Fortinet deployments are remediated.
CVE-2018-13382 is an improper authorization weakness affecting Fortinet FortiOS and FortiProxy. CISA lists it in the Known Exploited Vulnerabilities catalog and marks it as having known ransomware campaign use, which makes it a high-priority remediation item for organizations running affected Fortinet products.
CVE-2021-44168 is a Fortinet FortiOS arbitrary file download issue that CISA has listed in its Known Exploited Vulnerabilities catalog. That makes this a high-priority remediation item for any organization running FortiOS, especially where devices are externally reachable or operationally critical. The vendor guidance referenced by CISA is to apply updates per Fortinet’s instructions.
CVE-2020-12812 is a Fortinet FortiOS SSL VPN improper authentication issue that CISA added to its Known Exploited Vulnerabilities catalog on 2021-11-03. Because CISA marked it as known exploited and noted known ransomware campaign use, organizations should treat it as an urgent remediation item and follow Fortinet’s update guidance.
CVE-2019-5591 is a Fortinet FortiOS vulnerability identified by CISA as known to be exploited and added to the Known Exploited Vulnerabilities catalog on 2021-11-03. The supplied corpus describes it as a Fortinet FortiOS default configuration vulnerability and directs defenders to apply updates per vendor instructions. Because CISA lists it in KEV, organizations using FortiOS should treat it as a high-pri [truncated]
CVE-2018-13379 is a Fortinet FortiOS SSL VPN path traversal vulnerability that CISA lists in its Known Exploited Vulnerabilities catalog. Because the official metadata also marks it as associated with known ransomware campaign use, defenders should treat exposed FortiOS SSL VPN deployments as a high-priority remediation item.
CVE-2016-8495 affects Fortinet FortiManager and is described as an improper certificate validation issue in the FortiSandbox devices probing feature. A remote attacker able to position for a man-in-the-middle attack could spoof a trusted entity, risking confidentiality and integrity for management traffic.
CVE-2016-8494 is a Fortinet Connect vulnerability in the web UI theme upload path. Because uploaded files are not sufficiently verified, an attacker with webui administrator privileges can abuse theme upload functionality to achieve arbitrary code execution. NVD rates the issue HIGH with a 7.2 CVSS score, reflecting network exposure, no user interaction, and severe confidentiality, integrity, and availabi [truncated]
CVE-2016-8492 is a Fortinet FortiGate/FortiOS information-disclosure issue tied to an ANSI X9.31 random number generator implementation. According to the CVE record and NVD, the weakness can enable unauthorized read access to data handled by the device via IPSec/TLS decryption. The CVE was published on 2017-02-08.
CVE-2016-8491 is a critical Fortinet FortiWLC weakness tied to a hardcoded account named "core." According to the NVD record, an attacker can leverage this condition to gain unauthorized read/write access via a remote shell. The issue is network-exploitable, requires no user interaction, and is rated CVSS 9.1 with high confidentiality and integrity impact.