Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
FortiWeb: Unauthenticated Attackers Can Access Your Network
CVE-2025-48840
Summary
FortiWeb software versions 7.0 and later have a security risk that allows hackers to access your network without being authenticated. This is a serious issue because a hacker can use this to gain unauthorized access to your network and potentially cause harm. You should update your FortiWeb software to the latest version to fix this problem.
Original title
An authentication bypass by spoofing vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.8, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote un...
Original description
An authentication bypass by spoofing vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.8, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote unauthenticated attacker to bypass hostname restrictions via a specially crafted request.
nvd CVSS3.1
5.3
Vulnerability type
CWE-290
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026