Home

Description

A stack-based buffer overflow vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote authenticated attacker who can bypass stack protection and ASLR to execute arbitrary code or commands via crafted HTTP requests.

PUBLISHED Reserved 2026-03-06 | Published 2026-03-10 | Updated 2026-03-11 | Assigner fortinet




MEDIUM: 5.9CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Problem types

Execute unauthorized code or commands

Product status

Default status
unaffected

8.0.0 (semver)
affected

7.6.0 (semver)
affected

7.4.0 (semver)
affected

7.2.0 (semver)
affected

7.0.0 (semver)
affected

References

fortiguard.fortinet.com/psirt/FG-IR-26-093

cve.org (CVE-2026-30897)

nvd.nist.gov (CVE-2026-30897)

Download JSON