8.1

CVE-2026-24017

Media report
An Improper Control of Interaction Frequency vulnerability [CWE-799] in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to bypass the authentication rate-limit via crafted requests. The success of the attack depends on the attacker's resources and the password target complexity.
Data provided by the National Vulnerability Database (NVD)
Fortinet Fortiweb Version >= 7.0.0 < 7.0.12
Fortinet Fortiweb Version >= 7.2.0 < 7.2.12
Fortinet Fortiweb Version >= 7.4.0 < 7.4.11
Fortinet Fortiweb Version >= 7.6.0 < 7.6.6
Fortinet Fortiweb Version >= 8.0.0 < 8.0.3
No warning was found for this CVE.
EPSS metrics

| Type | Source | Score | Percentile |
|------|--------|-------|------------|
| EPSS | FIRST.org | 0.14% | 0.346 |
CVSS metrics

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|--------|------------|---------------|--------------|---------------|
| psirt@fortinet.com | 8.1 | 2.2 | 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
CWE-799 Improper Control of Interaction Frequency

The product does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests.