High severity · 7.2 · NVD Advisory · Published Apr 14, 2026 · Updated Apr 20, 2026
CVE-2026-40688
Description
An out-of-bounds write vulnerability [CWE-787] in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, and FortiWeb 7.4.0 through 7.4.11 may allow a remote privileged attacker to execute arbitrary code or commands via crafted HTTP requests.
References
- fortiguard.fortinet.com/psirt/FG-IR-26-127 (NVD, Vendor Advisory)
News mentions
- ZDI-26-266: Fortinet FortiWeb cat_cgi_paths Out-Of-Bounds Write Remote Code Execution Vulnerability (Zero Day Initiative · Apr 15, 2026)