High | 2026-05-12
FG-IR-26-123 FortiOS CAPWAP daemon out-of-bounds write update
Fortinet disclosed a high-severity CAPWAP daemon out-of-bounds write in FortiOS that may let an attacker controlling an authenticated FortiAP, FortiExtender, or FortiSwitch gain execution privileges on a FortiGate device; it clears the bar because the impact lands on the firewall and the vendor gives exact fixed releases plus a workaround.
Affected: FortiOS 7.6.0-7.6.3, 7.4.0-7.4.8, and 7.2.0-7.2.11
Fixed version(s): FortiOS 7.6.4+, 7.4.9+, and 7.2.12+
Vendor security update | 2026-05-12
FG-IR-26-131 FortiAP CLI command injection security update
Fortinet disclosed a command-injection issue in FortiAP, FortiAP-U, and FortiAP-W2 CLI paths that may let an authenticated privileged attacker execute unauthorized code or commands; the advisory is worth indexing because it gives clear fixed versions for active AP trains.
Affected: FortiAP 7.6.0-7.6.2, 7.4.0-7.4.5, 7.2 all versions, 6.4 all versions; FortiAP-U 7.0.0-7.0.5; FortiAP-W2 7.4.0-7.4.4 and 7.2 all versions
Fixed version(s): FortiAP 7.6.3+, 7.4.6+; FortiAP-U 7.0.6+; FortiAP-W2 7.4.5+; older trains should migrate via Fortinet's upgrade path
Critical operational priority | 2025-03-31 | Exploited in the wild
FG-IR-24-535 authentication bypass using alternate path/channel
Fortinet disclosed an authentication bypass that could allow a remote attacker to gain super-admin privileges via crafted requests to the Node.js websocket module or crafted CSF proxy requests; the vendor said it was being exploited in the wild.
Affected: FortiOS 7.0.0-7.0.16
Fixed version(s): FortiOS 7.0.17+
Critical/High operational priority | 2025-01-15 | Exploited in the wild
FG-IR-24-015 SSL-VPN out-of-bounds write
Fortinet said an out-of-bounds write in FortiOS and FortiProxy could allow remote unauthenticated code execution via crafted HTTP requests and noted potential exploitation in the wild.
Affected: FortiOS 7.4.0-7.4.2, FortiOS 7.2.0-7.2.6, FortiOS 7.0.0-7.0.13, FortiOS 6.4.0-6.4.14
Fixed version(s): FortiOS 7.4.3+, 7.2.7+, 7.0.14+, 6.4.15+