CVSS score: 6.6
Fortinet FortiWeb: A hacker can run malicious code on the server
CVE-2026-24640
Summary
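An attacker who is already authenticated to FortiWeb can send a specially crafted HTTP request that overflows a stack buffer and could allow them to take control of the server. According to the original description, the attacker must also be able to bypass stack protection and ASLR. Only certain versions of FortiWeb are affected (see the table under "Affected software"). You should update to the latest version to fix this issue.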
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| fortinet | fortiweb | > 7.0.2, <= 7.0.12 | – |
| fortinet | fortiweb | > 7.2.0, <= 7.6.7 | – |
| fortinet | fortiweb | > 8.0.0, <= 8.0.3 | – |
Original title
A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, For...
Original description
A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0.2 through 7.0.12 may allow a remote authenticated attacker who can bypass stack protection and ASLR to execute arbitrary code or commands via crafted HTTP requests.
NVD CVSS 3.1 score: 6.6
Vulnerability type
CWE-121: Stack-based Buffer Overflow
CWE-787: Out-of-bounds Write
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026