Home

Description

A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2 all versions, FortiPAM 1.8.0 through 1.8.2, FortiPAM 1.7 all versions, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 through 7.4.13, FortiProxy 7.2 all versions may allow a privileged authenticated attacker who can bypass stack protection and ASLR to execute arbitrary code or commands via crafted HTTP requests.

PUBLISHED Reserved 2026-07-07 | Published 2026-07-14 | Updated 2026-07-14 | Assigner fortinet




MEDIUM: 5.9CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Problem types

Execute unauthorized code or commands

Product status

Default status
unaffected

1.8.0 (semver)
affected

1.7.0 (semver)
affected

1.6.0 (semver)
affected

1.5.0 (semver)
affected

1.4.0 (semver)
affected

1.3.0 (semver)
affected

1.2.0
affected

1.1.0 (semver)
affected

1.0.0 (semver)
affected

Default status
unaffected

26.1.1 (semver)
affected

Default status
unaffected

7.4.0 (semver)
affected

7.2.0 (semver)
affected

Default status
unaffected

7.4.0 (semver)
affected

7.2.0 (semver)
affected

7.0.0 (semver)
affected

6.4.0 (semver)
affected

References

fortiguard.fortinet.com/psirt/FG-IR-26-148

cve.org (CVE-2026-59837)

nvd.nist.gov (CVE-2026-59837)

Download JSON