CVE-2026-59839
MEDIUM
5.0
CVSS 3.1
Description
A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiOS 7.6.0 through 7.6.6, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.8.0, FortiPAM 1.7.0 through 1.7.2, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.6.0 through 7.6.5, FortiProxy 7.4 through 7.4.13, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions may allow attacker to execute unauthorized code or commands via <insert attack vector here>
Metadata
Severity & Metrics
5.0
MEDIUM CVSS 3.1
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C
SSVC — CISA Coordinator
Affected products (3)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| Fortinet | FortiOS | — | 7.6.0 ≤ 7.6.6, 7.4.0 ≤ 7.4.9, 7.2.0 ≤ 7.2.13, 7.0.0 ≤ 7.0.19 … |
| Fortinet | FortiPAM | — | 1.8.0, 1.7.0 ≤ 1.7.2, 1.6.0 ≤ 1.6.2, 1.5.0 ≤ 1.5.1 … |
| Fortinet | FortiProxy | — | 7.6.0 ≤ 7.6.5, 7.4.0 ≤ 7.4.13, 7.2.0 ≤ 7.2.16, 7.0.0 ≤ 7.0.23 |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-22 | cna | Execute unauthorized code or commands |
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 5.0 | MEDIUM | 3.1 | cna | CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C |
References (1)
- https://fortiguard.fortinet.com/psirt/FG-IR-26-151 https://fortiguard.fortinet.com/psirt/FG-IR-26-151