Description
A Stack-based Buffer Overflow vulnerability [CWE-121] in Fortinet FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.10, and FortiManager 6.4 all versions may allow a remote unauthenticated attacker to execute unauthorized commands via crafted requests, if the service is enabled. The success of the attack depends on the ability to bypass the stack protection mechanisms.
References (1)
Core 1
Core References
Various Sources
https://fortiguard.fortinet.com/psirt/FG-IR-26-098
Scores
CVSS v3
8.1
EPSS
0.0006
EPSS Percentile
19.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-121
CWE-787
Status
published
Products (1)
fortinet/fortimanager
6.4.0 - 7.2.11
Published
Mar 10, 2026
Tracked Since
Mar 11, 2026