
Fortinet

Fortinet, Inc. is an American cybersecurity company headquartered in Sunnyvale, California. It develops and sells security products including firewalls, endpoint security and intrusion detection systems. Fortinet has offices in the US, Canada, and UK.

Founded: 2000
Products: 104
CVEs: 1,127
Across products: 1,527
Status: Private

Recent CVEs

  • CVE-2026-21643 | Critical | KEV | Feb 6, 2026
    risk 0.81 | cvss 9.8 | epss 0.94

    An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

  • CVE-2026-35616 | Critical | KEV | Apr 4, 2026
    risk 0.78 | cvss 9.8 | epss 0.89

    An improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.

  • CVE-2025-59718 | Critical | KEV | Dec 9, 2025
    risk 0.77 | cvss 9.8 | epss 0.66

    An improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0…

  • CVE-2026-24858 | Critical | KEV | Jan 27, 2026
    risk 0.76 | cvss 9.8 | epss 0.86

    An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through…

  • CVE-2016-1909 | Critical | Jan 15, 2016
    risk 0.72 | cvss 9.8 | epss 0.71

    Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and FortiOS 4.1.x before 4.1.11, 4.2.x before 4.2.16, 4.3.x before 4.3.17 and 5.0.x before 5.0.8 have a hardcoded passphrase for the Fortimanager_Access…

  • CVE-2016-6909 | Critical | Aug 24, 2016
    risk 0.71 | cvss 9.8 | epss 0.50

    Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER.

  • CVE-2026-39808 | Critical | Apr 14, 2026
    risk 0.66 | cvss 9.8 | epss 0.49

    An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow an attacker to execute unauthorized code or commands via

  • CVE-2026-25089 | Critical | Jun 9, 2026
    risk 0.64 | cvss 9.8 | epss 0.23

    An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS…

  • CVE-2026-44277 | Critical | May 12, 2026
    risk 0.64 | cvss 9.8 | epss 0.01

    An improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow an attacker to execute unauthorized code or commands via crafted requests.

  • CVE-2026-26083 | Critical | May 12, 2026
    risk 0.64 | cvss 9.8 | epss 0.01

    A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud 5.0.2 through 5.0.5, FortiSandbox PaaS 23.4 all versions, FortiSandbox PaaS 23.3 all versions, FortiSandbox PaaS 23.1 all versions,…

  • CVE-2026-39813 | Critical | Apr 14, 2026
    risk 0.64 | cvss 9.8 | epss 0.17

    A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8 may allow an attacker to escalate privileges via

  • CVE-2025-47855 | Critical | Jan 13, 2026
    risk 0.64 | cvss 9.8 | epss 0.01

    An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in Fortinet FortiFone 7.0.0 through 7.0.1, FortiFone 3.0.13 through 3.0.23 allows an unauthenticated attacker to obtain the device configuration via crafted HTTP or HTTPS requests.

  • CVE-2025-59719 | Critical | Dec 9, 2025
    risk 0.64 | cvss 9.8 | epss 0.24

    An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9 may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.

  • CVE-2017-17540 | Critical | May 8, 2018
    risk 0.64 | cvss 9.8 | epss 0.02

    The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows attackers to gain unauthorized read/write access via a remote shell.

  • CVE-2017-17539 | Critical | May 8, 2018
    risk 0.64 | cvss 9.8 | epss 0.02

    The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell.

  • CVE-2017-14189 | Critical | Nov 29, 2017
    risk 0.64 | cvss 9.8 | epss 0.03

    An improper access control vulnerability in Fortinet FortiWebManager 5.8.0 allows anyone who can access the admin webUI to successfully log in regardless of the provided password.

  • CVE-2015-3616 | Critical | Aug 11, 2017
    risk 0.64 | cvss 9.8 | epss 0.02

    SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to execute arbitrary commands via unspecified parameters.

  • CVE-2017-7336 | Critical | Jul 22, 2017
    risk 0.64 | cvss 9.8 | epss 0.02

    A hard-coded account named 'upgrade' in Fortinet FortiWLM 8.3.0 and lower versions allows a remote attacker to log in and execute commands with 'upgrade' account privileges.

  • CVE-2016-7560 | Critical | Oct 5, 2016
    risk 0.64 | cvss 9.8 | epss 0.03

    The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrary files via unspecified vectors.

  • CVE-2016-4573 | Critical | Sep 9, 2016
    risk 0.64 | cvss 9.8 | epss 0.05

    Fortinet FortiSwitch FSW-108D-POE, FSW-124D, FSW-124D-POE, FSW-224D-POE, FSW-224D-FPOE, FSW-248D-POE, FSW-248D-FPOE, FSW-424D, FSW-424D-POE, FSW-424D-FPOE, FSW-448D, FSW-448D-POE, FSW-448D-FPOE, FSW-524D, FSW-524D-FPOE, FSW-548D, FSW-548D-FPOE, FSW-1024D, FSW-1048D, FSW-3032D,…