Fortinet Discloses Path Traversal Flaw in CLI of Multiple Products
Fortinet has disclosed a path traversal vulnerability in the CLI of FortiOS, FortiPAM, FortiProxy, and FortiSwitchManager that could allow privileged attackers to write or delete arbitrary files.
Fortinet disclosed a path traversal vulnerability (CWE-22) in the command line interpreter of multiple products on April 14, 2026. The flaw, tracked as FG-IR-26-122, affects FortiOS, FortiPAM, FortiProxy, and FortiSwitchManager. A privileged attacker can exploit this vulnerability by crafting specific arguments to existing commands, enabling arbitrary file write or deletion on affected systems.
The vulnerability carries a CVSS score of 5.4, indicating moderate severity. It impacts a wide range of versions across the affected product lines. For FortiOS, versions 7.6.0 through 7.6.4, 7.4.0 through 7.4.9, and all versions of 7.2, 7.0, and 6.4 are vulnerable. FortiPAM versions 1.7.0 and all versions of 1.6 through 1.0 are affected, while version 1.8 is not vulnerable. FortiProxy versions 7.6.0 through 7.6.4, 7.4.0 through 7.4.11, and all versions of 7.2 and 7.0 are impacted. FortiSwitchManager versions 7.2.0 through 7.2.7 and 7.0.0 through 7.0.6 are also vulnerable.
Fortinet has released patches for the affected products. For FortiOS, upgrades to 7.6.5 or above, 7.4.10 or above are recommended, while versions 7.2 and earlier require migration to a fixed release. FortiPAM users should upgrade to 1.7.1 or above, or migrate older versions. FortiProxy users should upgrade to 7.6.5 or above, or 7.4.12 or above, with older versions requiring migration. FortiSwitchManager users should upgrade to 7.2.8 or above, or 7.0.7 or above.
Fortinet has also released a virtual patch named 'FG-VD-59270.0day' available in FMWP database update 25.120. This virtual patch provides an additional layer of protection for customers who cannot immediately apply the software updates. The company recommends following the upgrade path using their upgrade tool at https://docs.fortinet.com/upgrade-tool.
The vulnerability requires privileged access to exploit, which somewhat limits the attack surface. However, once an attacker gains elevated privileges, they can leverage this flaw to write or delete arbitrary files, potentially leading to system compromise, data corruption, or denial of service. The arbitrary file write capability could be used to overwrite critical system files or inject malicious code, while arbitrary file deletion could disrupt operations or remove evidence of an attack.
This disclosure follows a pattern of path traversal vulnerabilities in enterprise networking equipment, which remain a common attack vector. Organizations using affected Fortinet products should prioritize patching, especially for internet-facing systems where the risk of exploitation is higher. The availability of a virtual patch provides an interim mitigation for those unable to upgrade immediately.
Fortinet has not reported any active exploitation of this vulnerability in the wild as of the advisory date. However, given the widespread deployment of Fortinet products in enterprise and government networks, administrators should treat this advisory with urgency and apply the recommended patches or mitigations promptly.