Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.2
FortiWeb: Unauthorized Code Execution via Malicious Input
CVE-2026-40688
Summary
A critical vulnerability in FortiWeb web application firewall versions 8.0.0 to 8.0.3, 7.6.0 to 7.6.6, and 7.4.0 to 7.4.11 could allow attackers to inject malicious code, potentially taking control of the system. This means that if your business relies on FortiWeb for web security, you should update to the latest version as soon as possible to prevent unauthorized access and potential data breaches. Regularly applying software updates and patches is crucial to maintaining the security of your systems.
Original title
A out-of-bounds write vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow attacker to execute unauthorized code or commands...
Original description
A out-of-bounds write vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow attacker to execute unauthorized code or commands via <insert attack vector here>
nvd CVSS3.1
7.2
Vulnerability type
CWE-787
Out-of-bounds Write
Published: 14 Apr 2026 · Updated: 15 Apr 2026 · First seen: 15 Apr 2026