Description
A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer Cloud 7.6.2 through 7.6.4 and FortiManager Cloud 7.6.2 through 7.6.4 may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. Successful exploitation would require a large amount of effort in preparation because of ASLR and network segmentation.
CVSS breakdown
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: High
- Availability: High
- E: Physical
- RL: O
- RC: Changed
Affected products
- fortinet / fortianalyzercloud 7.6.4 – 7.6.4
- fortinet / fortianalyzercloud 7.6.3 – 7.6.3
- fortinet / fortianalyzercloud 7.6.2 – 7.6.2
- fortinet / fortimanagercloud 7.6.4 – 7.6.4
- fortinet / fortimanagercloud 7.6.3 – 7.6.3
- fortinet / fortimanagercloud 7.6.2 – 7.6.2
References
- VENDOR_ADVISORY: https://fortiguard.fortinet.com/psirt/FG-IR-26-121