EIP-2026-101278

PRE-CVE

Fortigate Firewall 2.x - dlg Admin Interface Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101278. PoCs published by Maarten Hartsuijker.

AI-analyzed exploit summary This is a writeup describing multiple cross-site scripting (XSS) vulnerabilities in the FortiGate Firewall web administrative interface. The example provided demonstrates how an attacker could inject malicious script code into URI parameters to steal authentication credentials.

Description

Fortigate Firewall 2.x - dlg Admin Interface Cross-Site Scripting

Exploits (1)

exploitdb WRITEUP VERIFIED

by Maarten Hartsuijker · textremotehardware

https://www.exploit-db.com/exploits/23376

View Code ZIP pw:eip

This is a writeup describing multiple cross-site scripting (XSS) vulnerabilities in the FortiGate Firewall web administrative interface. The example provided demonstrates how an attacker could inject malicious script code into URI parameters to steal authentication credentials.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: FortiGate Firewall (version not specified)

No auth needed

Prerequisites: An administrative user must be enticed to follow a malicious link

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026