EIP-2026-100329
PRE-CVEFortinet FortiWeb Web Application Firewall - Policy Bypass
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-100329. PoCs published by Geffrey Velasquez.
AI-analyzed exploit summary The document describes a policy bypass vulnerability in Fortinet FortiWeb where large POST or GET requests exceeding 2399 bytes evade WAF inspection, potentially leading to information disclosure or injection attacks.
Description
Fortinet FortiWeb Web Application Firewall - Policy Bypass
Exploits (1)
exploitdb
WRITEUP
by Geffrey Velasquez · textwebappsasp
https://www.exploit-db.com/exploits/18840
The document describes a policy bypass vulnerability in Fortinet FortiWeb where large POST or GET requests exceeding 2399 bytes evade WAF inspection, potentially leading to information disclosure or injection attacks.
Classification
Writeup 90%
Attack Type
Info Leak | Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target:
Fortinet FortiWeb (versions up to 2012-05-02)
No auth needed
Prerequisites:
Access to the target FortiWeb instance · Ability to send crafted HTTP requests
mistral-large-3 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026