PT-2026-7273 · Fortinet · Fortios
Published 2026-02-10 · Updated 2026-02-23 · CVE-2025-55018
CVSS v3.1: 5.8 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Fortinet FortiOS versions 6.4.3 through 6.4.16
Fortinet FortiOS 7.0, all versions
Fortinet FortiOS 7.2, all versions
Fortinet FortiOS versions 7.4.0 through 7.4.9
Fortinet FortiOS version 7.6.0
Description
FortiOS interprets HTTP requests inconsistently, which can lead to HTTP request smuggling. An unauthenticated attacker can use a specially crafted header to send an HTTP request through firewall policies without that request being logged.
Recommendations
Fortinet FortiOS versions 6.4.3 through 6.4.16 should be updated.
Fortinet FortiOS 7.0, all versions, should be updated.
Fortinet FortiOS 7.2, all versions, should be updated.
Fortinet FortiOS versions 7.4.0 through 7.4.9 should be updated.
Fortinet FortiOS version 7.6.0 should be updated.
Fix
HTTP Request/Response Smuggling
Weakness Enumeration
Related Identifiers
Affected Products
Fortios