CVE-2026-59840
MEDIUM
4.1
CVSS 3.1
Description
A buffer over-read vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiProxy 7.6.0 through 7.6.5, FortiProxy 7.4.0 through 7.4.13, FortiProxy 7.2 all versions may allow attacker to information disclosure via <insert attack vector here>
Metadata
Severity & Metrics
4.1
MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
SSVC — CISA Coordinator
Affected products (4)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| Fortinet | FortiOS | — | 7.6.0 ≤ 7.6.2, 7.4.0 ≤ 7.4.8, 7.2.0 ≤ 7.2.13, 7.0.0 ≤ 7.0.19 … |
| Fortinet | FortiPAM | — | 1.7.0, 1.6.0 ≤ 1.6.2, 1.5.0 ≤ 1.5.1, 1.4.0 ≤ 1.4.3 … |
| Fortinet | FortiProxy | — | 7.6.0 ≤ 7.6.5, 7.4.0 ≤ 7.4.13, 7.2.0 ≤ 7.2.16, 7.0.0 ≤ 7.0.23 |
| Fortinet | FortiSwitchManager | — | 7.2.0 ≤ 7.2.7, 7.0.0 ≤ 7.0.6 |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-126 | cna | Information disclosure |
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 4.1 | MEDIUM | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
References (1)
- https://fortiguard.fortinet.com/psirt/FG-IR-26-154 https://fortiguard.fortinet.com/psirt/FG-IR-26-154