Known Vulnerabilities for FortiOS by Fortinet
Listed below are 10 of the newest known vulnerabilities associated with "FortiOS" by "Fortinet".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-59840 json | A buffer over-read vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versio... | Not Provided | 2026-07-14 | 2026-07-14 |
| CVE-2026-59839 json | A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiOS 7.6.0 thro... | Not Provided | 2026-07-14 | 2026-07-14 |
| CVE-2026-59837 json | A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2 all versions, FortiPAM 1.8.0... | Not Provided | 2026-07-14 | 2026-07-14 |
| CVE-2026-24858 json | An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7... | Not Provided | 2026-01-27 | 2026-06-09 |
| CVE-2026-23573 json | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability ... | Not Provided | 2026-07-14 | 2026-07-14 |
| CVE-2025-67862 json | An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability [CWE-1244] vulnerability in Fortinet FortiOS 7.... | Not Provided | 2026-06-09 | 2026-07-14 |
| CVE-2025-64157 json | A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4... | Not Provided | 2026-02-10 | 2026-05-12 |
| CVE-2025-62826 json | An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability [CWE-113] vulnerabilit... | Not Provided | 2026-07-14 | 2026-07-14 |
| CVE-2025-62675 json | An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability [CWE-113] vulnerabilit... | Not Provided | 2026-07-14 | 2026-07-14 |
| CVE-2025-62439 json | An Improper Verification of Source of a Communication Channel vulnerability [CWE-940] vulnerability in Fortinet FortiOS 7.6.0... | Not Provided | 2026-02-10 | 2026-05-12 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Fortinet | Fortios | 6.4.1 | |||
| Operating System | Fortinet | Fortios | 6.4.0 | |||
| Operating System | Fortinet | Fortios | 6.2.4 | |||
| Operating System | Fortinet | Fortios | 6.2.3 | |||
| Operating System | Fortinet | Fortios | 6.2.2 | |||
| Operating System | Fortinet | Fortios | 6.2.1 | |||
| Operating System | Fortinet | Fortios | 6.2.0 | |||
| Operating System | Fortinet | Fortios | 6.0.9 | |||
| Operating System | Fortinet | Fortios | 6.0.8 | |||
| Operating System | Fortinet | Fortios | 6.0.7 | |||
| Operating System | Fortinet | Fortios | 6.0.6 | |||
| Operating System | Fortinet | Fortios | 6.0.5 | |||
| Operating System | Fortinet | Fortios | 6.0.4 | |||
| Operating System | Fortinet | Fortios | 6.0.3 | |||
| Operating System | Fortinet | Fortios | 6.0.2 | |||
| Operating System | Fortinet | Fortios | 6.0.10 | |||
| Operating System | Fortinet | Fortios | 6.0.1 | |||
| Operating System | Fortinet | Fortios | 6.0.0 | |||
| Operating System | Fortinet | Fortios | 5.6.9 | |||
| Operating System | Fortinet | Fortios | 5.6.8 |