Fortinet Patches Buffer Over-read Vulnerability in FortiOS, FortiProxy, and FortiSASE
Fortinet has released an advisory for a buffer over-read vulnerability affecting multiple products, potentially leading to memory disclosure.

Fortinet has issued a security advisory detailing a critical buffer over-read vulnerability, identified as CWE-126, present in its FortiOS, FortiProxy, and FortiSASE products. The flaw allows an authenticated remote attacker to potentially disclose sensitive device memory contents by sending a specially crafted request that manipulates the redirect response.
The vulnerability carries a CVSSv3 score of 4.1, indicating a moderate severity. While exploitation requires authentication, the potential for memory disclosure poses a significant risk to organizations utilizing these Fortinet products. The affected components include the authd and wad daemons, which are integral to the network security functions of the devices.
Fortinet has provided specific version information for affected products. For FortiOS, versions 7.6.0 through 7.6.2 and 7.4.0 through 7.4.8 are impacted, with recommendations to upgrade to 7.6.4 or later and 7.4.9 or later, respectively. All versions of FortiOS 7.2 are also affected and require migration to a fixed release. Similarly, FortiProxy versions 7.6.0 through 7.6.5 and 7.4.0 through 7.4.13 are vulnerable, with upgrades to 7.6.6 or later and 7.4.14 or later advised. FortiProxy 7.2 is also affected and requires migration.
To address the vulnerability, Fortinet recommends users upgrade to the specified fixed versions. For those unable to immediately upgrade, a virtual patch is available. The virtual patch, named "FG-VD-58646.0day," is included in FortiManager Web Protection (FMWP) database update 26.010, offering an interim solution to mitigate exploitation risks.
Fortinet has acknowledged Vang3lis and Cyth from VARAS@IIE for responsibly reporting the vulnerability through their responsible disclosure program. This collaborative effort highlights the importance of security researchers in identifying and helping to remediate potential threats before they can be widely exploited.
The timeline indicates that the initial publication of this advisory occurred on July 14, 2026, suggesting that the vulnerability may have been discovered and reported prior to this date. Organizations using affected Fortinet products should prioritize applying the available patches or virtual patches to protect their environments from potential memory disclosure attacks.
This advisory serves as a reminder for organizations to maintain up-to-date security postures, regularly review vendor advisories, and promptly implement recommended security updates and patches to safeguard against emerging threats. The potential for memory disclosure can lead to the exposure of sensitive configuration data, credentials, or other critical information, underscoring the importance of timely remediation.