PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT issue with Fortinet, see our PSIRT Policy. For the recommended upgrade path, see our Upgrade Path Tool Table.


Total: 300

PSIRT | Description | Affected Products | Updated Date | Component | Discovered | Attack Type | Severity

FG-IR-26-143 Restricted CLI escape using Lua
CVE-2025-67862
An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability [CWE-1244] in FortiOS and...
FortiOS 7.6, 7.4, 7.2, 7.0, 6.4 ... FortiProxy 7.6, 7.4, 7.2, 7.0
Published: Jun 09, 2026
Component: CLI
Discovered: External
Attack Type: Authenticated
Severity: Medium

FG-IR-26-141 Second-Order OS Command Injection via JSON Input on start vnc feature
CVE-2026-25089
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in...
FortiSandbox 5.2, 5.0, 4.4, 4.2 FortiSandbox Cloud 24, 23, 5.2, 5.0, 4.4 ... FortiSandbox PaaS 5.2, 5.0, 4.4, 4.2
Published: Jun 09, 2026
Component: GUI
Discovered: Internal
Attack Type: Unauthenticated
Severity: Critical

FG-IR-24-452 Insertion of Sensitive 2FA Information in logs and debug command
CVE-2025-31514
An Insertion of Sensitive Information into Log File vulnerability [CWE-532] in FortiOS may allow an...
FortiOS 7.6.3, 7.6.2, 7.6.1, 7.6.0, 7.4.12 ... FortiProxy 7.6.3, 7.6.2, 7.6.1, 7.6.0, 7.4.13 ...
Updated: Jun 08, 2026
Published: Oct 14, 2025
Component: GUI
Discovered: External
Attack Type: Authenticated
Severity: Low

FG-IR-25-545 Trusted hosts bypass via SSH
CVE-2025-54821
An Improper Privilege Management vulnerability [CWE-269] in FortiOS, FortiProxy and FortiPAM may allow an...
FortiOS 7.6.3, 7.6.2, 7.6.1, 7.6.0, 7.4.11 ... FortiPAM 1.6.0, 1.5.1, 1.5.0, 1.4.3, 1.4.2 ... FortiSASE 25.2.91
Updated: May 27, 2026
Published: Nov 18, 2025
Component: CLI
Discovered: External
Attack Type: Authenticated
Severity: Low

FG-IR-25-122 Pre-authentication Denial of Service attack in OpenSSH - CVE-2025-26466
CVE-2025-26466
CVE-2025-26466: A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a...
FortiADC 7.6.1 FortiADCManager 7.6.0 FortiAIOps 2.1.0, 2.0.2, 2.0.1 FortiAnalyzer 7.6.2, 7.6.1, 7.6.0, 7.4.6, 7.4.5 ... FortiAnalyzer-BigData 7.4.3, 7.4.2, 7.2.9, 7.2.8 FortiDDoS-F 7.0.4, 7.0.3, 7.0.2, 7.0.1 FortiExtender 7.6.2, 7.6.1, 7.6.0, 7.4.7, 7.4.6 ... FortiMail 7.6.3, 7.6.2, 7.6.1, 7.6.0, 7.4.5 ... FortiManager 7.6.2, 7.6.1, 7.6.0, 7.4.6, 7.4.5 ... FortiNDR 7.6.1, 7.6.0, 7.4.8, 7.4.7, 7.4.6 ... FortiSandbox 5.0.1, 5.0.0, 4.4.7, 4.4.6, 4.4.5 ... FortiSwitch 7.6.4, 7.6.3, 7.6.2, 7.6.1, 7.6.0 ... FortiVoice 7.2.1, 7.2.0, 7.0.7, 7.0.6, 7.0.5 ... FortiWeb 7.6.4, 7.6.3, 7.6.2, 7.6.1, 7.6.0 ...
Updated: May 25, 2026
Published: Mar 11, 2025
Component: CLI
Discovered: Third-Party Library
Attack Type: Unauthenticated
Severity: Medium

FG-IR-26-131 Command injection in CLI
CVE-2025-53680
An improper neutralization of special elements used in an OS command ("OS Command Injection")...
FortiAP 7.6, 7.4, 7.2, 7.0, 6.4 ... FortiAP-U 7.0, 6.2 FortiAP-W2 7.4, 7.2, 7.0
Published: May 12, 2026
Component: CLI
Discovered: Internal
Attack Type: Authenticated
Severity: Medium

FG-IR-26-137 DoS due to unsafe function in signal handler
CVE-2025-67604
A use of potentially Dangerous Function vulnerability [CWE-676] in FortiAnalyzer and FortiManager API may...
FortiAnalyzer 7.6.4, 7.6.3, 7.6.2, 7.6.1, 7.6.0 ... FortiManager 7.6.4, 7.6.3, 7.6.2, 7.6.1, 7.6.0 ...
Published: May 12, 2026
Component: API
Discovered: Internal
Attack Type: Authenticated
Severity: Medium

FG-IR-26-136 Incorrect global authorization
CVE-2026-26083
A missing authorization vulnerability [CWE-862] in FortiSandbox, FortiSandbox Cloud and FortiSandbox PaaS...
FortiSandbox 5.0, 4.4 FortiSandbox Cloud 24, 23, 5.0 FortiSandbox PaaS 23.4, 23.3, 23.1, 22.2, 22.1 ...
Published: May 12, 2026
Component: GUI
Discovered: Internal
Attack Type: Unauthenticated
Severity: Critical

FG-IR-26-133 OS command injection in CLI
CVE-2025-53870
An OS command injection vulnerability [CWE-78] in FortiAP and FortiAP-W2 cli may allow an authenticated...
FortiAP 7.6, 7.4, 7.2, 7.0, 6.4 ... FortiAP-W2 7.4, 7.2, 7.0
Published: May 12, 2026
Component: CLI
Discovered: Internal
Attack Type: Authenticated
Severity: Medium

FG-IR-26-123 Out-of-bounds access in CAPWAP daemon
CVE-2025-53844
An Out-Of-Bounds Write vulnerability [CWE-787] in FortiOS capwap daemon may allow an attacker controlling...
FortiOS 7.6, 7.4, 7.2
Published: May 12, 2026
Component: OTHERS
Discovered: Internal
Attack Type: Authenticated
Severity: High

FG-IR-26-115 Arbitrary directory delete on vmimages delete feature
CVE-2026-25691
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22]...
FortiSandbox 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.1 ... FortiSandbox Cloud 5.0.4 FortiSandbox PaaS 5.0.4
Published: Apr 14, 2026
Component: GUI
Discovered: Internal
Attack Type: Authenticated
Severity: Medium

FG-IR-26-113 Credential disclosure in LDAP configuration web page.
CVE-2026-27316
An Insufficiently protected credentials vulnerability [CWE-522] in FortiSandbox and FortiSandbox PaaS GUI...
FortiSandbox 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.1 ... FortiSandbox PaaS 23.4.4374, 23.4.4350, 23.3.4329, 23.1.4245, 22.2.4151 ...
Published: Apr 14, 2026
Component: GUI
Discovered: External
Attack Type: Authenticated
Severity: Low

FG-IR-26-121 Heap-based buffer overflow in oftpd daemon
CVE-2026-22828
A heap-based buffer overflow vulnerability [CWE-122] in FortiAnalyzer Cloud oftpd daemon may allow a...
FortiAnalyzer Cloud 7.6.4, 7.6.3, 7.6.2 FortiManager Cloud 7.6.4, 7.6.3, 7.6.2
Published: Apr 14, 2026
Component: OTHERS
Discovered: Internal
Attack Type: Unauthenticated
Severity: High

FG-IR-26-125 Missing Authentication for critical function in CAPWAP daemon
CVE-2025-53847
A missing authentication for critical function vulnerability [CWE-306] in FortiOS and FortiSwitchManager...
FortiOS 7.6.3, 7.6.2, 7.6.1, 7.6.0, 7.4.8 ...
Published: Apr 14, 2026
Component: OTHERS
Discovered: Internal
Attack Type: Unauthenticated
Severity: Medium

FG-IR-26-110 Multiple Stored XSS
CVE-2026-39812
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability...
FortiSandbox 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.1 ... FortiSandbox PaaS 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.1 ...
Published: Apr 14, 2026
Component: GUI
Discovered: Internal
Attack Type: Authenticated
Severity: Medium