EIP-2026-100329

PRE-CVE

Fortinet FortiWeb Web Application Firewall - Policy Bypass

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-100329. PoCs published by Geffrey Velasquez.

AI-analyzed exploit summary The document describes a policy bypass vulnerability in Fortinet FortiWeb where large POST or GET requests exceeding 2399 bytes evade WAF inspection, potentially leading to information disclosure or injection attacks.

Description

Fortinet FortiWeb Web Application Firewall - Policy Bypass

Exploits (1)

exploitdb WRITEUP
by Geffrey Velasquez · textwebappsasp
https://www.exploit-db.com/exploits/18840

The document describes a policy bypass vulnerability in Fortinet FortiWeb where large POST or GET requests exceeding 2399 bytes evade WAF inspection, potentially leading to information disclosure or injection attacks.

Classification
Writeup 90%
Attack Type
Info Leak | Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Fortinet FortiWeb (versions up to 2012-05-02)
No auth needed
Prerequisites: Access to the target FortiWeb instance · Ability to send crafted HTTP requests
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026