{"api_version":"1","generated_at":"2026-07-15T06:09:55+00:00","cve":"CVE-2026-23573","urls":{"html":"https://cve.report/CVE-2026-23573","api":"https://cve.report/api/cve/CVE-2026-23573.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-23573","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-23573"},"summary":{"title":"CVE-2026-23573","description":"An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.6, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiPAM 1.8.0, FortiPAM 1.7 all versions, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 through 7.4.3, FortiProxy 7.2.0 through 7.2.9 may allow an authenticated remote user to execute code or commands via crafted requests.","state":"PUBLISHED","assigner":"fortinet","published_at":"2026-07-14 16:16:51","updated_at":"2026-07-14 20:23:16"},"problem_types":["CWE-79","CWE-79 Execute unauthorized code or commands"],"metrics":[{"version":"3.1","source":"psirt@fortinet.com","type":"Secondary","score":"6.1","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"6.1","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C","version":"3.1"}}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-26-150","name":"https://fortiguard.fortinet.com/psirt/FG-IR-26-150","refsource":"psirt@fortinet.com","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-23573","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23573","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Fortinet","product":"FortiOS","version":"affected 7.6.0 7.6.6 semver","platforms":[]},{"source":"CNA","vendor":"Fortinet","product":"FortiOS","version":"affected 7.4.0 7.4.12 semver","platforms":[]},{"source":"CNA","vendor":"Fortinet","product":"FortiOS","version":"affected 7.2.0 7.2.13 semver","platforms":[]},{"source":"CNA","vendor":"Fortinet","product":"FortiOS","version":"affected 7.0.0 7.0.19 semver","platforms":[]},{"source":"CNA","vendor":"Fortinet","product":"FortiOS","version":"affected 6.4.0 6.4.16 semver","platforms":[]},{"source":"CNA","vendor":"Fortinet","product":"FortiProxy","version":"affected 7.4.0 7.4.3 semver","platforms":[]},{"source":"CNA","vendor":"Fortinet","product":"FortiProxy","version":"affected 7.2.0 7.2.9 semver","platforms":[]},{"source":"CNA","vendor":"Fortinet","product":"FortiProxy","version":"affected 7.0.0 7.0.16 semver","platforms":[]},{"source":"CNA","vendor":"Fortinet","product":"FortiPAM","version":"affected 1.8.0","platforms":[]},{"source":"CNA","vendor":"Fortinet","product":"FortiPAM","version":"affected 1.7.0 1.7.2 semver","platforms":[]},{"source":"CNA","vendor":"Fortinet","product":"FortiPAM","version":"affected 1.6.0 1.6.2 semver","platforms":[]},{"source":"CNA","vendor":"Fortinet","product":"FortiPAM","version":"affected 1.5.0 1.5.1 semver","platforms":[]},{"source":"CNA","vendor":"Fortinet","product":"FortiPAM","version":"affected 1.4.0 1.4.3 semver","platforms":[]},{"source":"CNA","vendor":"Fortinet","product":"FortiPAM","version":"affected 1.3.0 1.3.1 semver","platforms":[]},{"source":"CNA","vendor":"Fortinet","product":"FortiPAM","version":"affected 1.2.0","platforms":[]},{"source":"CNA","vendor":"Fortinet","product":"FortiPAM","version":"affected 1.1.0 1.1.2 semver","platforms":[]},{"source":"CNA","vendor":"Fortinet","product":"FortiPAM","version":"affected 1.0.0 1.0.3 semver","platforms":[]}],"timeline":[],"solutions":[{"source":"CNA","title":"","value":"Upgrade to FortiOS version 8.0.0 or above\nUpgrade to FortiOS version 7.6.7 or above\nUpgrade to FortiProxy version 7.4.4 or above\nUpgrade to FortiProxy version 7.2.10 or above\nUpgrade to FortiProxy version 7.0.17 or above\nUpgrade to FortiPAM version 1.9.0 or above\nUpgrade to FortiPAM version 1.8.1 or above\nFortinet remediated this issue in FortiSASE version 26.1.1 and hence customers do not need to perform any action.\nUpgrade to FortiSwitchManager version 7.2.5 or above\nUpgrade to FortiSwitchManager version 7.0.3 or above","time":"","lang":"en"}],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2026","cve_id":"23573","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"fortinet","cpe5":"fortiproxy","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-23573","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-07-14T15:57:48.078417Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-07-14T16:02:17.037Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"cpes":["cpe:2.3:o:fortinet:fortios:7.6.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.6.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.6.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"FortiOS","vendor":"Fortinet","versions":[{"lessThanOrEqual":"7.6.6","status":"affected","version":"7.6.0","versionType":"semver"},{"lessThanOrEqual":"7.4.12","status":"affected","version":"7.4.0","versionType":"semver"},{"lessThanOrEqual":"7.2.13","status":"affected","version":"7.2.0","versionType":"semver"},{"lessThanOrEqual":"7.0.19","status":"affected","version":"7.0.0","versionType":"semver"},{"lessThanOrEqual":"6.4.16","status":"affected","version":"6.4.0","versionType":"semver"}]},{"cpes":["cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"FortiProxy","vendor":"Fortinet","versions":[{"lessThanOrEqual":"7.4.3","status":"affected","version":"7.4.0","versionType":"semver"},{"lessThanOrEqual":"7.2.9","status":"affected","version":"7.2.0","versionType":"semver"},{"lessThanOrEqual":"7.0.16","status":"affected","version":"7.0.0","versionType":"semver"}]},{"cpes":["cpe:2.3:o:fortinet:fortipam:1.8.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortipam:1.7.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortipam:1.7.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortipam:1.7.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortipam:1.6.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortipam:1.6.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"FortiPAM","vendor":"Fortinet","versions":[{"status":"affected","version":"1.8.0"},{"lessThanOrEqual":"1.7.2","status":"affected","version":"1.7.0","versionType":"semver"},{"lessThanOrEqual":"1.6.2","status":"affected","version":"1.6.0","versionType":"semver"},{"lessThanOrEqual":"1.5.1","status":"affected","version":"1.5.0","versionType":"semver"},{"lessThanOrEqual":"1.4.3","status":"affected","version":"1.4.0","versionType":"semver"},{"lessThanOrEqual":"1.3.1","status":"affected","version":"1.3.0","versionType":"semver"},{"status":"affected","version":"1.2.0"},{"lessThanOrEqual":"1.1.2","status":"affected","version":"1.1.0","versionType":"semver"},{"lessThanOrEqual":"1.0.3","status":"affected","version":"1.0.0","versionType":"semver"}]}],"descriptions":[{"lang":"en","value":"An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.6, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiPAM 1.8.0, FortiPAM 1.7 all versions, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 through 7.4.3, FortiProxy 7.2.0 through 7.2.9 may allow an authenticated remote user to execute code or commands via crafted requests."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-79","description":"Execute unauthorized code or commands","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-07-14T15:19:47.183Z","orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet"},"references":[{"name":"https://fortiguard.fortinet.com/psirt/FG-IR-26-150","url":"https://fortiguard.fortinet.com/psirt/FG-IR-26-150"}],"solutions":[{"lang":"en","value":"Upgrade to FortiOS version 8.0.0 or above\nUpgrade to FortiOS version 7.6.7 or above\nUpgrade to FortiProxy version 7.4.4 or above\nUpgrade to FortiProxy version 7.2.10 or above\nUpgrade to FortiProxy version 7.0.17 or above\nUpgrade to FortiPAM version 1.9.0 or above\nUpgrade to FortiPAM version 1.8.1 or above\nFortinet remediated this issue in FortiSASE version 26.1.1 and hence customers do not need to perform any action.\nUpgrade to FortiSwitchManager version 7.2.5 or above\nUpgrade to FortiSwitchManager version 7.0.3 or above"}]}},"cveMetadata":{"assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","assignerShortName":"fortinet","cveId":"CVE-2026-23573","datePublished":"2026-07-14T15:19:47.183Z","dateReserved":"2026-01-14T14:46:20.539Z","dateUpdated":"2026-07-14T16:02:17.037Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-07-14 16:16:51","lastModifiedDate":"2026-07-14 20:23:16","problem_types":["CWE-79","CWE-79 Execute unauthorized code or commands"],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-14T15:57:48.078417Z","id":"CVE-2026-23573","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndExcluding":"7.2.10","matchCriteriaId":"EDFFA2C3-0A23-4884-B751-785BE598DFF3"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.0","versionEndExcluding":"7.4.4","matchCriteriaId":"3F2C29AD-A11F-4A5F-8BB0-8600D5F77E72"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndExcluding":"7.6.7","matchCriteriaId":"ED19CCEA-A3FA-46D3-BEC0-3F03B05F2528"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndExcluding":"1.8.1","matchCriteriaId":"74B9F42A-7A0B-489C-B581-99A1009229F0"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"23573","Ordinal":"1","Title":"CVE-2026-23573","CVE":"CVE-2026-23573","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"23573","Ordinal":"1","NoteData":"An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.6, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiPAM 1.8.0, FortiPAM 1.7 all versions, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 through 7.4.3, FortiProxy 7.2.0 through 7.2.9 may allow an authenticated remote user to execute code or commands via crafted requests.","Type":"Description","Title":"CVE-2026-23573"}]}}}