7.8
CVE-2026-24018
- EPSS 0.23%
- Veröffentlicht 10.03.2026 16:44:14
- Zuletzt bearbeitet 13.03.2026 19:04:40
- Quelle psirt@fortinet.com
- CVE-Watchlists
- Unerledigt
A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4, FortiClientLinux 7.2.2 through 7.2.12 may allow a local and unprivileged user to escalate their privileges to root.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fortinet ≫ FortiClient SwPlatformlinux Version >= 7.2.2 < 7.2.13
Fortinet ≫ FortiClient SwPlatformlinux Version >= 7.4.0 < 7.4.5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.133 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@fortinet.com | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-61 UNIX Symbolic Link (Symlink) Following
The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://fortiguard.fortinet.com/psirt/FG-IR-26-083