PT-2026-24245 · Fortinet · FortiWeb

Published: 2026-03-10 · Updated: 2026-03-17 · CVE-2026-24640

CVSS v2.0: 7.1 (High)

Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Fortinet FortiWeb versions 7.0.2 through 7.0.12
Fortinet FortiWeb 7.2, all versions
Fortinet FortiWeb 7.4, all versions
Fortinet FortiWeb versions 7.6.0 through 7.6.6
Fortinet FortiWeb versions 8.0.0 through 8.0.2

Description

A stack-based buffer overflow [CWE-121] exists in FortiWeb. Successful exploitation of this issue may allow a remote authenticated attacker to execute arbitrary code or commands via specially crafted HTTP requests, bypassing stack protection and Address Space Layout Randomization (ASLR). The issue is related to a buffer overflow on the stack.

Recommendations

FortiWeb versions 7.0.2 through 7.0.12: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
FortiWeb 7.2, all versions: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
FortiWeb 7.4, all versions: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
FortiWeb versions 7.6.0 through 7.6.6: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
FortiWeb versions 8.0.0 through 8.0.2: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Stack Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2026-03214
CVE-2026-24640

Affected Products

FortiWeb