Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.6
FortiWeb: Unauthorized Code Execution via Malformed HTTP Requests
CVE-2026-30897
Summary
FortiWeb versions 7.0 and up are affected. An attacker who has authenticated access to your system could potentially inject and run malicious code. Update to a fixed version of FortiWeb to prevent this risk.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| fortinet | fortiweb | > 7.0.0 , <= 7.4.12 | – |
| fortinet | fortiweb | > 7.6.0 , <= 7.6.7 | – |
| fortinet | fortiweb | > 8.0.0 , <= 8.0.4 | – |
Original title
A stack-based buffer overflow vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2 all versions, FortiWeb 7.0 all versio...
Original description
A stack-based buffer overflow vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote authenticated attacker who can bypass stack protection and ASLR to execute arbitrary code or commands via crafted HTTP requests.
nvd CVSS3.1
6.6
Vulnerability type
CWE-121
Stack-based Buffer Overflow
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026