Fortinet Patches Multiple Vulnerabilities Across FortiClient and Other Products
Fortinet released security updates addressing 22 vulnerabilities across multiple products, including FortiWeb, FortiSwitchAX, FortiManager, and FortiClient (Linux). The issues span multiple bug classes (e.g., authentication bypass, heap-based buffer overflow, and cleartext storage of sensitive information) and could enable outcomes such as security bypass, data tampering, denial-of-service, privilege escalation, information disclosure, and in some cases unauthorized code/command execution. Belgium’s CCB urged organizations to patch promptly and noted Fortinet reported no evidence of active exploitation at the time of the advisory.
One of the patched flaws, CVE-2026-24018 (CVSS 7.8), was detailed by the Zero Day Initiative (ZDI-26-186) as a local privilege escalation vulnerability in FortiClient. ZDI reported the flaw stems from handling of certain shared objects: a local attacker with the ability to run low-privileged code can create a symbolic link to coerce a service into loading an arbitrary shared object, enabling execution of attacker-controlled code as root. Fortinet issued a fix and published vendor guidance under FG-IR-26-083.
Timeline
Mar 11, 2026
Belgium CCB urges immediate patching of Fortinet vulnerabilities
Belgium's Centre for Cybersecurity Belgium published a warning that Fortinet had patched 22 vulnerabilities across multiple products and advised organizations to patch immediately. The notice reinforced the urgency of applying Fortinet's available security updates.
Mar 10, 2026
ZDI publicly discloses FortiClient vulnerability ZDI-26-186
The Zero Day Initiative publicly released details of CVE-2026-24018 as ZDI-26-186 under coordinated disclosure. The advisory described the improper handling of shared objects in FortiClient and rated the issue CVSS 7.8.
Mar 10, 2026
Fortinet releases fixes for CVE-2026-24018 in FortiClient
Fortinet issued an update to remediate the FortiClient local privilege escalation vulnerability and published details in FortiGuard PSIRT advisory FG-IR-26-083. A later Belgian CCB advisory also warned that Fortinet had patched 22 vulnerabilities across multiple products, including this issue.
Oct 29, 2025
Astra Security reports FortiClient privilege escalation flaw to Fortinet
Febin Mon Saji of Astra Security reported a local privilege escalation vulnerability in Fortinet FortiClient, later assigned CVE-2026-24018 and tracked by ZDI as ZDI-CAN-27581. The flaw could let a low-privileged local attacker use a symbolic link to have a service load a malicious shared object and execute code as root.
Related Stories

Fortinet patches multiple vulnerabilities including FortiManager fgtupdates stack overflow enabling remote command execution
**Fortinet** issued a broad security update addressing **11 vulnerabilities** across products including *FortiManager*, *FortiAnalyzer*, *FortiSwitch*, and *FortiSandbox*, spanning issues such as authentication weaknesses, buffer overflows, OS command injection, and SQL injection. The most operationally significant items include vulnerabilities that could enable **remote command execution** or privilege escalation in unpatched enterprise environments; one highlighted flaw is a stack-based buffer overflow in *FortiManager*’s `fgtupdates` service (**CVE-2025-54820**, Fortinet advisory **FG-IR-26-098**), which can be triggered via crafted requests when the service is enabled. Separate vendor advisories published around the same time cover unrelated products and should not be conflated with Fortinet’s update: **HPE Aruba** patched *AOS-CX* switch OS issues including a critical auth bypass (**CVE-2026-23813**) that can allow unauthenticated attackers to reset admin passwords via the web management interface, while **F5** published “not affected” notices for an **Apache Solr** input-validation issue in the “create core” API (**CVE-2026-22444**) that can lead to unauthorized filesystem path reads (and potential NTLM hash disclosure on Windows with UNC paths), and for an **Intel 800 Series Ethernet** Linux driver input-validation flaw (**CVE-2025-24325**) that may allow local privilege escalation on certain F5 appliance lines.
2 weeks ago
Multiple Vulnerabilities in Fortinet Products Enable Arbitrary Code Execution and Information Disclosure
Several Fortinet products, including FortiWeb, FortiClient, FortiExtender, FortiMail, FortiPAM, FortiSandbox, FortiADC, FortiVoice, FortiOS, and FortiProxy, have been found to contain multiple vulnerabilities, some of which could allow for arbitrary code execution. The most severe of these vulnerabilities, such as the FortiWeb RCE flaw (CVE-2025-58034), is under active exploitation and has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog. Additionally, a vulnerability in FortiClient for Windows involving active debug code could allow a local attacker to retrieve saved VPN user passwords, posing a significant risk of information disclosure. Security advisories urge organizations using affected Fortinet products to review available patches and mitigations immediately. The vulnerabilities impact a wide range of Fortinet's security and networking solutions, increasing the urgency for prompt remediation to prevent potential exploitation and compromise of sensitive assets.
1 month ago
Critical Fortinet FortiOS and FortiProxy Flaws Enable Remote Compromise
Fortinet disclosed multiple critical vulnerabilities in **FortiOS** and related products, including an authentication bypass in **FortiOS** and **FortiProxy** that can grant attackers **super-admin privileges** and is being **actively exploited in the wild**. The flaw can be triggered through specially crafted requests to the **Node.js websocket module** and affects FortiOS `7.0.0` through `7.0.16`, FortiProxy `7.2.0` through `7.2.12`, and FortiProxy `7.0.0` through `7.0.19`. Organizations were told to upgrade to FortiOS `7.0.17+`, FortiProxy `7.2.13+`, or FortiProxy `7.0.20+`, and to apply Fortinet’s recommended mitigations immediately. Separate Fortinet advisories also warned of critical flaws **CVE-2024-21762** and **CVE-2024-23113**, affecting **FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager**. **CVE-2024-21762** carries a **CVSS 9.6** rating, while **CVE-2024-23113** is rated **CVSS 9.8**; both require urgent patching to fixed versions identified by Fortinet. Fortinet and national cyber authorities said defenders should prioritize upgrades across exposed appliances, and for `CVE-2024-21762`, disabling the **SSL VPN** feature can reduce exposure until patches are applied.
1 week ago