CVE-2025-55018
- EPSS 0.08%
- Published 10.02.2026 15:39:12
- Last modified 23.02.2026 14:02:30
An inconsistent interpretation of HTTP requests ('HTTP request smuggling') vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4.3 through 6.4.16 may allow an unauthenti...
CVE-2025-62439
- EPSS 0.02%
- Published 10.02.2026 15:39:12
- Last modified 10.02.2026 21:52:01
An Improper Verification of Source of a Communication Channel vulnerability [CWE-940] in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions may allow an authenticated us...
CVE-2025-64157
- EPSS 0.02%
- Published 10.02.2026 15:39:12
- Last modified 12.02.2026 14:50:32
A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0 all versions allows an authenticated admin to execute unauthorized code or comm...
CVE-2025-68686
- EPSS 0.03%
- Published 10.02.2026 15:39:12
- Last modified 12.02.2026 14:49:23
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions may...
CVE-2026-22153
- EPSS 0.06%
- Published 10.02.2026 15:39:12
- Last modified 12.02.2026 16:03:10
An Authentication Bypass by Primary Weakness vulnerability [CWE-305] in Fortinet FortiOS 7.6.0 through 7.6.4 may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, when the remote LDAP serve...
CVE-2026-25815
- EPSS 0%
- Published 05.02.2026 21:14:09
- Last modified 06.02.2026 15:14:47
Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026 (by default, the encryption key is the same across all customers' installations). ...
CVE-2026-24858
- EPSS 2.38%
- Published 27.01.2026 19:18:23
- Last modified 29.01.2026 13:16:51
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15...
CVE-2025-25249
- EPSS 0.01%
- Published 13.01.2026 16:32:35
- Last modified 23.02.2026 09:16:29
A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4 all versions, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitch...
CVE-2024-40593
- EPSS 0.01%
- Published 11.12.2025 14:10:08
- Last modified 12.12.2025 18:28:55
A key management errors vulnerability in Fortinet FortiAnalyzer 7.4.0 through 7.4.2, FortiAnalyzer 7.2.0 through 7.2.5, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.5...
CVE-2024-47570
- EPSS 0.07%
- Published 09.12.2025 17:20:42
- Last modified 10.12.2025 20:32:21
An insertion of sensitive information into log file vulnerability [CWE-532] in FortiOS 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0 all versions; FortiProxy 7.4.0 through 7.4.3, 7.2.0 through 7.2.11; FortiPAM 1.4 all versions, 1.3 all versions, 1.2 ...