7.8

CVE-2026-24018

Medienbericht
A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4, FortiClientLinux 7.2.2 through 7.2.12 may allow a local and unprivileged user to escalate their privileges to root.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FortinetFortiClient SwPlatformlinux Version >= 7.2.2 < 7.2.13
FortinetFortiClient SwPlatformlinux Version >= 7.4.0 < 7.4.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.23% 0.133
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
psirt@fortinet.com 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-61 UNIX Symbolic Link (Symlink) Following

The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
11.03.2026 13:02
https://fortiguard.fortinet.com/psirt/FG-IR-26-083
Vendor Advisory