Fortinet threat watch

PSIRT watch for FortiGate, FortiManager, FortiOS, and related products.

Tracked items: 20

Active or featured: 2

Vendor: Fortinet

Vendor incident stream

Recent Fortinet watch items

Use this vendor page to review the latest official watch items, compare activity against your environment, and decide whether the next step is an assessment, service-owner conversation, or direct remediation planning.

Status: active | Apr 6, 2026, 12:00 AM | CVE-2026-35616

Fortinet FortiClient EMS Improper Access Control Vulnerability

Fortinet FortiClient EMS contains an improper access control vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2026-04-09.

Status: active | Apr 4, 2026, 7:00 AM

API authentication and authorization bypass (FortiClient EMS)

CVSSv3 Score: 9.1. An Improper Access Control vulnerability [CWE-284] in FortiClient EMS may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests. Fortinet has observed this to be exploited in the wild and urges vulnerable customers to install the hotfix for FortiClient EMS 7.4.5 and 7.4.6, by following the instructions at:

https://docs.fortinet.com/document/forticlient/7.4.5/ems-release-notes/832484 (for FortiClientEMS 7.4.5)

https://docs.fortinet.com/document/forticlient/7.4.6/ems-release-notes/832484 (for FortiClientEMS 7.4.6)

Upcoming FortiClientEMS 7.4.7 will also include a fix for this issue. In the meantime the hotfix above is sufficient to prevent it entirely. Revised on 2026-04-04 00:00:00

Review the official advisory, map affected products against managed client environments, and determine whether patching or temporary mitigation is required.

Status: watch | Mar 10, 2026, 6:17 PM | CVE-2025-54659

FortiSOAR Agent Communication Bridge vulnerability (CVE-2025-54659)

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiSOAR Agent Communication Bridge 1.1.0, FortiSOAR Agent Communication Bridge 1.0 all versions may allow an unauthenticated attacker to read files accessible to the fortisoar user on a system where the agent is deployed, via sending a crafted request to the agent port.


Status: watch | Mar 10, 2026, 7:00 AM

Authentication rate-limit bypass permits brute-forcing of admin logins (FortiWeb)

CVSSv3 Score: 7.3 An Improper Control of Interaction Frequency vulnerability [CWE-799] in FortiWeb may allow a remote unauthenticated attacker to bypass the authentication rate-limit via crafted requests. The success of the attack depends on the attacker's resources and the password target complexity. Revised on 2026-03-10 00:00:00


Status: watch | Mar 10, 2026, 7:00 AM

Buffer overflow via fgtupdates service (FortiManager fgtupdates service)

CVSSv3 Score: 7.0 A Stack-based Buffer Overflow vulnerability [CWE-121] in FortiManager fgtupdates service may allow a remote unauthenticated attacker to execute unauthorized commands via crafted requests, if the service is enabled. The success of the attack depends on the ability to bypass the stack protection mechanisms. Revised on 2026-03-10 00:00:00


Status: watch | Mar 10, 2026, 7:00 AM

Buffer Overflow in LLDP OUI field (FortiSwitchAXFixed)

CVSSv3 Score: 7.7 A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability [CWE-120] in FortiSwitchAXFixed may allow an unauthenticated attacker within the same adjacent network to execute unauthorized code or commands on the device via sending a crafted LLDP packet. Revised on 2026-03-10 00:00:00


Status: watch | Mar 10, 2026, 7:00 AM

Local privilege escalation via improper symlink following (FortiClientLinux)

CVSSv3 Score: 7.4 A UNIX symbolic link (Symlink) Following vulnerability [CWE-61] in FortiClientLinux may allow a local and unprivileged user to escalate their privileges to root. Revised on 2026-03-10 00:00:00


Status: watch | Mar 10, 2026, 7:00 AM

Format string vulnerability in fazsvcd (FortiAnalyzer, FortiAnalyzer Cloud, FortiManager and FortiManager Cloud fazsvcd daemon)

CVSSv3 Score: 6.5 A use of externally-controlled format string vulnerability [CWE-134] in FortiAnalyzer, FortiAnalyzer Cloud, FortiManager and FortiManager Cloud fazsvcd daemon may allow a remote privileged attacker with admin profile to execute arbitrary code or commands via specially crafted requests. Revised on 2026-03-10 00:00:00


Status: watch | Mar 10, 2026, 7:00 AM

MFA Bypass in GUI (FortiManager and FortiAnalyzer multifactor authentication)

CVSSv3 Score: 6.8 An authentication bypass using an alternate path or channel vulnerability [CWE-288] in FortiManager and FortiAnalyzer multifactor authentication may allow an attacker with knowledge of the admin's password to bypass multifactor authentication checks via submitting multiple crafted requests. Revised on 2026-03-10 00:00:00


Status: watch | Mar 10, 2026, 7:00 AM

OS command injection in vmimages update feature (FortiSandbox Cloud and FortiSandbox PaaS WEB UI)

CVSSv3 Score: 6.7 An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiSandbox Cloud and FortiSandbox PaaS WEB UI may allow a privileged attacker with super-admin profile and CLI access to execute unauthorized code or commands via crafted HTTP requests. Revised on 2026-03-26 00:00:00


Status: watch | Mar 10, 2026, 7:00 AM

Lack of TLS Certificate Validation during initial SSO Authentication (FortiManager GUI)

CVSSv3 Score: 6.3 An improper certificate validation [CWE-295] vulnerability in the FortiManager GUI may allow a remote unauthenticated attacker to view confidential information via a man in the middle [MiTM] attack. Revised on 2026-03-10 00:00:00


Status: watch | Mar 10, 2026, 7:00 AM

Reflected Cross Site Scripting (XSS) in error page (FortiSIEM's error page)

CVSSv3 Score: 4.1 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') [CWE-79] in FortiSIEM's error page may allow a remote unauthenticated attacker to provide arbitrary data enabling a social engineering attack via spoofed URL parameters. Revised on 2026-03-10 00:00:00


Status: watch | Mar 10, 2026, 7:00 AM

XSS in LDAP server option (FortiSandbox LDAP Server feature)

CVSSv3 Score: 4.6 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiSandbox LDAP Server feature may allow an authenticated privileged attacker to execute code via crafted requests. Revised on 2026-03-10 00:00:00


Status: watch | Mar 10, 2026, 7:00 AM

Shell command limitation bypass via SSH local config override (FortiSwitchAXFixed)

CVSSv3 Score: 5.1 An Improper Access Control vulnerability [CWE-284] in FortiSwitchAXFixed may allow an authenticated admin to execute system commands via a specifically crafted SSH config file. Revised on 2026-03-10 00:00:00


Status: watch | Mar 10, 2026, 7:00 AM

Privilege escalation using undocumented CLI command (FortiManager and FortiAnalyzer CLI)

CVSSv3 Score: 6.4 An Inclusion of Undocumented Features vulnerability [CWE-1242] in FortiManager and FortiAnalyzer CLI may allow a remote authenticated read-only admin with CLI access to escalate their privilege via use of a hidden command. Revised on 2026-03-10 00:00:00


Status: watch | Mar 10, 2026, 7:00 AM

Stack-based Buffer Overflow in API protection (FortiWeb)

CVSSv3 Score: 5.9 A Stack-based Buffer Overflow vulnerability [CWE-121] in FortiWeb may allow a remote authenticated attacker to execute arbitrary code or commands via crafted HTTP requests. Success of the attack is conditional on bypassing stack protection and ASLR. Revised on 2026-03-10 00:00:00


Status: watch | Mar 10, 2026, 7:00 AM

OS Command injection in FortiWeb API (FortiWeb API)

CVSSv3 Score: 6.7 An OS Command Injection vulnerability [CWE-78] in FortiWeb API may allow an authenticated attacker to execute arbitrary commands via a specially crafted HTTP request. Revised on 2026-03-10 00:00:00


Status: watch | Mar 10, 2026, 7:00 AM

Path traversal vulnerability in FortiSOAR Agent Connector Bridge server (FortiSOAR Agent Connector Bridge)

CVSSv3 Score: 5.5 An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in FortiSOAR Agent Connector Bridge may allow an unauthenticated attacker to read files accessible to the fortisoar user on the system where the agent is deployed, via sending a crafted request to the agent port. Revised on 2026-03-10 00:00:00


Status: watch | Mar 10, 2026, 7:00 AM

Stack buffer overflow in API (FortiWeb)

CVSSv3 Score: 5.9 A Stack-based Buffer Overflow vulnerability [CWE-121] in FortiWeb may allow a remote authenticated attacker who can bypass stack protection and ASLR to execute arbitrary code or commands via crafted HTTP requests. Revised on 2026-03-10 00:00:00


Status: watch | Mar 10, 2026, 7:00 AM

Arbitrary file deletion in administrative interface (FortiDeceptor WEBUI)

CVSSv3 Score: 6.0 An Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability [CWE-88] in FortiDeceptor WEBUI may allow a privileged attacker with super-admin profile and CLI access to delete sensitive files via crafted HTTP requests. Revised on 2026-03-10 00:00:00


Vendor watch FAQ

What is the Fortinet threat watch page?

It is the Fortinet-specific view inside ITECS Threat Radar, built to track recent advisories, incidents, and watch items that may affect Dallas-area business operations.

How should teams use the Fortinet watch page?

Use it to confirm whether current Fortinet issues overlap with your environment, prioritize remediation, and decide whether you need an assessment, managed security follow-through, or vendor-specific hardening work.

Can ITECS help respond to Fortinet security issues?

Yes. ITECS can help map Fortinet advisories against your systems, validate affected services, prioritize remediation, and connect the issue to broader managed cybersecurity or managed IT workflows.