Home

Description

A NULL Pointer Dereference vulnerability [CWE-476] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an authenticated attacker to crash the HTTP daemon via crafted HTTP requests.

PUBLISHED Reserved 2026-01-23 | Published 2026-03-10 | Updated 2026-03-12 | Assigner fortinet




LOW: 2.5CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

Problem types

Denial of service

Product status

Default status
unaffected

8.0.0 (semver)
affected

7.6.0 (semver)
affected

7.4.0 (semver)
affected

7.2.0 (semver)
affected

7.0.0 (semver)
affected

References

fortiguard.fortinet.com/psirt/FG-IR-26-089

cve.org (CVE-2026-24641)

nvd.nist.gov (CVE-2026-24641)

Download JSON