FG-IR-26-115 Arbitrary directory delete on vmimages delete feature
CVE-2026-25691
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22]...
Affected products: FortiSandbox 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.1 ...; FortiSandbox Cloud 5.0.4; FortiSandbox PaaS 5.0.4
Published: Apr 14, 2026
Component: GUI
Discovered: Internal
Attack Type: Authenticated
Severity: Medium

FG-IR-26-113 Credential disclosure in LDAP configuration web page
CVE-2026-27316
An Insufficiently Protected Credentials vulnerability [CWE-522] in FortiSandbox and FortiSandbox PaaS GUI...
Affected products: FortiSandbox 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.1 ...; FortiSandbox PaaS 23.4.4374, 23.4.4350, 23.3.4329, 23.1.4245, 22.2.4151 ...
Published: Apr 14, 2026
Component: GUI
Discovered: External
Attack Type: Authenticated
Severity: Low

FG-IR-26-121 Heap-based buffer overflow in oftpd daemon
CVE-2026-22828
A heap-based buffer overflow vulnerability [CWE-122] in FortiAnalyzer Cloud oftpd daemon may allow a...
Affected products: FortiAnalyzer Cloud 7.6.4, 7.6.3, 7.6.2; FortiManager Cloud 7.6.4, 7.6.3, 7.6.2
Published: Apr 14, 2026
Component: OTHERS
Discovered: Internal
Attack Type: Unauthenticated
Severity: High

FG-IR-26-125 Missing Authentication for critical function in CAPWAP daemon
CVE-2025-53847
A missing authentication for critical function vulnerability [CWE-306] in FortiOS and FortiSwitchManager...
Affected products: FortiOS 7.6.3, 7.6.2, 7.6.1, 7.6.0, 7.4.8 ...
Published: Apr 14, 2026
Component: OTHERS
Discovered: Internal
Attack Type: Unauthenticated
Severity: Medium

FG-IR-26-110 Multiple Stored XSS
CVE-2026-39812
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability...
Affected products: FortiSandbox 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.1 ...; FortiSandbox PaaS 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.1 ...
Published: Apr 14, 2026
Component: GUI
Discovered: Internal
Attack Type: Authenticated
Severity: Medium

FG-IR-26-100 OS Command Injection through API endpoint
CVE-2026-39808
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')...
Affected products: FortiSandbox 4.4.8, 4.4.7, 4.4.6, 4.4.5, 4.4.4 ...; FortiSandbox PaaS 23.4.4374, 23.4.4350, 23.3.4329, 23.1.4245, 22.2.4151 ...
Published: Apr 14, 2026
Component: API
Discovered: Internal
Attack Type: Unauthenticated
Severity: Critical

FG-IR-26-120 Path Traversal in CLI
CVE-2025-68649
An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in...
Affected products: FortiAnalyzer 7.6.4, 7.6.3, 7.6.2, 7.6.1, 7.6.0 ...; FortiAnalyzer Cloud 7.6.2, 7.4.7, 7.4.6, 7.4.5, 7.4.4 ...; FortiManager 7.6.4, 7.6.3, 7.6.2, 7.6.1, 7.6.0 ...; FortiManager Cloud 7.6.4, 7.6.3, 7.6.2, 7.4.7, 7.4.6 ...
Published: Apr 14, 2026
Component: CLI
Discovered: Internal
Attack Type: Authenticated
Severity: Medium

FG-IR-26-122 Path Traversal in CLI
CVE-2025-61624
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [CWE-22] in the command...
Affected products: FortiOS 7.6.4, 7.6.3, 7.6.2, 7.6.1, 7.6.0 ...; FortiPAM 1.7.0, 1.6.2, 1.6.1, 1.6.0, 1.5.1 ...; FortiProxy 7.6.4, 7.6.3, 7.6.2, 7.6.1, 7.6.0 ...; FortiSwitchManager 7.2.7, 7.2.6, 7.2.5, 7.2.4, 7.2.3 ...
Published: Apr 14, 2026
Component: CLI
Discovered: Internal
Attack Type: Authenticated
Severity: Medium

FG-IR-26-109 Reflected XSS in Operation Center
CVE-2025-61886
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability...
Affected products: FortiSandbox 5.0.4, 5.0.3, 5.0.2, 5.0.1, 5.0.0 ...; FortiSandbox PaaS 5.0.4, 5.0.3, 5.0.2, 5.0.1, 5.0.0 ...
Published: Apr 14, 2026
Component: GUI
Discovered: Internal
Attack Type: Unauthenticated
Severity: Medium

FG-IR-26-111 SQL Injection via JSON RPC API
CVE-2025-61848
An improper neutralization of special elements used in an SQL command ('SQL injection') [CWE-89] in...
Affected products: FortiAnalyzer 7.6.4, 7.6.3, 7.6.2, 7.6.1, 7.6.0 ...; FortiAnalyzer Cloud 7.6.3, 7.6.2; FortiManager 7.6.4, 7.6.3, 7.6.2, 7.6.1, 7.6.0 ...; FortiManager Cloud 7.6.4, 7.6.3, 7.6.2
Published: Apr 14, 2026
Component: API
Discovered: Internal
Attack Type: Authenticated
Severity: Medium

FG-IR-26-112 Unauthenticated Authentication bypass and Privilege escalation in FortiSandbox
CVE-2026-39813
A Path Traversal vulnerability [CWE-24] in FortiSandbox JRPC API may allow an unauthenticated attacker to...
Affected products: FortiSandbox 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.1 ...
Published: Apr 14, 2026
Component: API
Discovered: Internal
Attack Type: Unauthenticated
Severity: Critical

FG-IR-26-096 OS command injection on vmimages update feature
CVE-2026-25836
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')...
Affected products: FortiSandbox Cloud 5.0.4
Mar 26, 2026
Published: Mar 10, 2026
Component: GUI
Discovered: Internal
Attack Type: Authenticated
Severity: Medium

FG-IR-26-076 OpenSSL CVE-2025-15467
CVE-2025-15467
Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a...
Affected products: FortiAP 7.6.3, 7.6.2, 7.6.1, 7.6.0, 7.4.6 ...; FortiClientWindows 7.4.6, 7.4.5, 7.4.4, 7.4.3, 7.4.2 ...; FortiNAC-F 7.6.5, 7.6.4, 7.6.3, 7.6.2, 7.6.1 ...
Mar 13, 2026
Published: Jan 30, 2026
Component: OTHERS
Discovered: Third-Party Library
Attack Type: Unauthenticated
Severity: Critical

FG-IR-25-934 SSL-VPN Symlink Persistence Patch Bypass
CVE-2025-68686
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in FortiOS SSL-VPN...
Affected products: FortiOS 7.6.1, 7.6.0, 7.4.6, 7.4.5, 7.4.4 ...
Mar 12, 2026
Published: Feb 10, 2026
Component: SSL-VPN
Discovered: External
Attack Type: Unauthenticated
Severity: Medium

FG-IR-26-079 Authentication Lockout Bypass via Race Condition
CVE-2026-22629
An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiManager and...
Affected products: FortiAnalyzer 7.6.4, 7.6.3, 7.6.2, 7.6.1, 7.6.0 ...; FortiAnalyzer Cloud 7.6.2, 7.4.7, 7.4.6, 7.4.5, 7.4.4 ...; FortiManager 7.6.4, 7.6.3, 7.6.2, 7.6.1, 7.6.0 ...; FortiManager Cloud 7.6.3, 7.6.2, 7.4.7, 7.4.6, 7.4.5 ...
Published: Mar 10, 2026
Component: GUI
Discovered: Internal
Attack Type: Unauthenticated
Severity: Low