CVE-2026-24018

HIGH

FortiClientLinux 7.2.2-7.4.4 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-24018. PoCs published by febin0x10.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2026-24018, a symlink vulnerability in Fortinet FortiClientLinux. The exploit leverages a malicious shared library to escalate privileges to root by exploiting improper symlink handling.

Description

A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4, FortiClientLinux 7.2.2 through 7.2.12 may allow a local and unprivileged user to escalate their privileges to root.

Exploits (1)

nomisec WORKING POC

by febin0x10 · poc

https://github.com/febin0x10/Fortinet_FortiClient_Exploit_CVE-2026-24018

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2026-24018, a symlink vulnerability in Fortinet FortiClientLinux. The exploit leverages a malicious shared library to escalate privileges to root by exploiting improper symlink handling.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Fortinet FortiClientLinux 7.4.0 through 7.4.4, 7.2.2 through 7.2.12

No auth needed

Prerequisites: local access to the target system · FortiClientLinux installed

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548 - Abuse Elevation Control Mechanism

devstral-2 · analyzed Apr 09, 2026 Full analysis →

References (1)

Core 1

Core References

Various Sources

https://fortiguard.fortinet.com/psirt/FG-IR-26-083

Scores

CVSS v3 7.8

EPSS 0.0002

EPSS Percentile 6.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-61

Status published

Products (1)

fortinet/forticlient 7.2.2 - 7.2.13

Published Mar 10, 2026

Tracked Since Mar 11, 2026