A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2 all versions, FortiPAM 1.8.0 through 1.8.2, FortiPAM 1.7 all versions, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 through 7.4.13, FortiProxy 7.2 all versions may allow a privileged authenticated attacker who can bypass stack protection and ASLR to execute arbitrary code or commands via crafted HTTP requests.

Project Subscriptions

Vendors Products
Fortinet Subscribe
Fortios Subscribe
Fortipam Subscribe
Fortiproxy Subscribe
Fortisase Subscribe
Advisories

No advisories yet.

Fixes

Solution

Upgrade to FortiOS version 8.0.0 or above Upgrade to FortiOS version 7.6.0 or above Upgrade to FortiOS version 7.4.2 or above Upgrade to FortiPAM version 1.9.0 or above Upgrade to FortiPAM version 1.8.3 or above Upgrade to FortiProxy version 7.6.0 or above Upgrade to FortiProxy version 7.4.14 or above


Workaround

No workaround given by the vendor.

History

Tue, 14 Jul 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 14 Jul 2026 15:45:00 +0000

Type Values Removed Values Added
Description A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2 all versions, FortiPAM 1.8.0 through 1.8.2, FortiPAM 1.7 all versions, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 through 7.4.13, FortiProxy 7.2 all versions may allow a privileged authenticated attacker who can bypass stack protection and ASLR to execute arbitrary code or commands via crafted HTTP requests.
First Time appeared Fortinet
Fortinet fortios
Fortinet fortipam
Fortinet fortiproxy
Fortinet fortisase
Weaknesses CWE-121
CPEs cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.15:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.16:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.4.11:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.4.12:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.4.13:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisase:26.1.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisase:26.1.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.6.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.6.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.7.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.7.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.7.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.8.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.8.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.8.2:*:*:*:*:*:*:*
Vendors & Products Fortinet
Fortinet fortios
Fortinet fortipam
Fortinet fortiproxy
Fortinet fortisase
References
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C'}


Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: fortinet

Published:

Updated: 2026-07-14T15:50:14.760Z

Reserved: 2026-07-07T15:21:27.537Z

Link: CVE-2026-59837

cve-icon Vulnrichment

Updated: 2026-07-14T15:50:12.443Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-14T19:15:14Z

Weaknesses