PT-2026-25941 · Fortinet · Fortios

Bugmithlegend

Published: 2026-03-17 · Updated: 2026-04-02

CVE-2026-34567

CVSS v3.1: 9.1 Critical
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
Name of the Vulnerable Software and Affected Versions: CI4MS versions prior to 0.31.0.0; Fortinet FortiOS (affected versions not specified)

Description: CI4MS, a CodeIgniter 4-based CMS skeleton, is susceptible to stored cross-site scripting (XSS) because user-controlled input is not properly sanitized when blog posts are created or edited in the Categories section. An attacker can inject a JavaScript payload into the Categories content; it is stored server-side and rendered without escaping whenever the Categories are viewed via blog posts. Fortinet FortiOS is affected by a heap-based buffer overflow in the SSL VPN component: an unauthenticated attacker can gain full control of the firewall by sending a crafted packet. This impacts thousands of enterprise perimeters.

Recommendations: Update CI4MS to version 0.31.0.0 or later. Upgrade Fortinet FortiOS to version 7.4.6 or later, 7.6.1 or later, or the latest patched build via FortiGuard/auto-update, and reboot.
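The CI4MS weakness described above is a classic stored-XSS pattern: a category name is accepted on write and later interpolated into HTML on read without escaping. The following is an added example, not code from CI4MS or CodeIgniter, written in plain PHP so it runs without the framework; the category records, the `renderCategoryUnsafe`/`renderCategorySafe` functions and the `isValidCategoryName` rule are all constructed for illustration. In a CodeIgniter 4 view the hardened rendering corresponds to calling the framework's `esc()` helper on the value.

```php
<?php
// Added example (not CI4MS project code): render-time escaping of
// user-controlled category names, vulnerable form beside hardened form.

// Constructed sample data: the second record carries a script payload of the
// kind a stored-XSS attacker would persist through the Categories editor.
$categories = [
    ['id' => 1, 'name' => 'Security'],
    ['id' => 2, 'name' => '<script>alert(1)</script>'],
];

// Vulnerable rendering: the stored name is concatenated into HTML as-is,
// so the payload becomes live markup in every visitor's browser.
function renderCategoryUnsafe(array $category): string
{
    return '<li class="category">' . $category['name'] . '</li>';
}

// HTML-context escaping: <, >, &, " and ' become entities, so the browser
// displays the text instead of parsing it. ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences rather than returning an empty string (which would be a
// silent failure). This is what CodeIgniter 4's esc($value) does by default.
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Hardened rendering: identical markup, escaped value.
function renderCategorySafe(array $category): string
{
    return '<li class="category">' . escapeHtml($category['name']) . '</li>';
}

// Defence in depth on the write path: a category name has a narrow legitimate
// shape, so reject anything outside it at save time instead of relying on
// output escaping alone. The character set here is an assumed policy.
function isValidCategoryName(string $name): bool
{
    return (bool) preg_match('/^[\p{L}\p{N} \-_&]{1,64}$/u', $name);
}

foreach ($categories as $category) {
    echo 'unsafe: ' . renderCategoryUnsafe($category) . PHP_EOL;
    echo 'safe:   ' . renderCategorySafe($category) . PHP_EOL;
    echo 'accept: ' . (isValidCategoryName($category['name']) ? 'yes' : 'no') . PHP_EOL;
    echo PHP_EOL;
}
```

Output escaping is the fix that actually closes the hole, because it is applied at the point where the data meets the HTML parser; input validation only narrows what can be stored and does nothing for records that were saved before the check existed. A reviewer looking at a CI4MS-style fix should confirm that every view echoing category data goes through the escaped path, not just the editor form.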

Tags: Exploit · Fix · RCE · XSS


Weakness Enumeration

Related Identifiers

CVE-2026-34567
GHSA-R33W-C82V-X5V7

Affected Products

Ci4Ms
Fortios