Description
An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versions, FortiAP 7.0 all versions, FortiAP 6.4 all versions, FortiAP-W2 7.4.0 through 7.4.4, FortiAP-W2 7.2 all versions, FortiAP-W2 7.0 all versions may allow an authenticated attacker to execute unauthorized code or commands via a specifically crafted CLI command.
Published: 2026-05-12
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability is an improper neutralization of special elements used in an operating-system command (OS command injection), classified as CWE-78. Because the CLI command handler does not properly neutralize special characters in its input, a crafted CLI command can allow an authenticated user to execute unauthorized code or commands on the underlying operating system of a FortiAP device.

Affected Systems

Affected are Fortinet FortiAP devices running firmware 7.6.0 through 7.6.2, 7.4.0 through 7.4.5, 7.2.x, 7.0.x, and 6.4.x, as well as FortiAP-W2 devices running firmware 7.4.0 through 7.4.4, 7.2.x, and 7.0.x. All FortiAP-U devices with firmware 7.0.0 through 7.0.5 are also impacted.

Risk and Exploitability

The CVSS 3.1 base score of 6.5 indicates medium severity; the vector (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) reflects a local attack vector and high privileges required, with high impact on confidentiality, integrity and availability once exploited. No EPSS score has been published yet, so there is no data-driven estimate of exploitation likelihood; the SSVC assessment records Exploitation: none, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires an authenticated attacker with access to the device's CLI, who could craft a malicious command string during an authenticated session to trigger arbitrary command execution on the device.

Generated by OpenCVE AI on May 12, 2026 at 18:56 UTC.

Remediation

Vendor Solution

  • Upgrade to FortiAP version 7.6.3 or above
  • Upgrade to FortiAP version 7.4.6 or above
  • Upgrade to FortiAP-U version 7.0.6 or above
  • Upgrade to FortiAP-W2 version 7.4.5 or above


OpenCVE Recommended Actions

  • Upgrade FortiAP devices on the 7.6 branch to firmware version 7.6.3 or newer.
  • Upgrade FortiAP devices on the 7.4 branch to firmware version 7.4.6 or newer. FortiAP 7.2, 7.0 and 6.4 are affected in all versions and the vendor lists no fixed release on those branches, so move them to 7.4.6, 7.6.3 or newer.
  • Upgrade all FortiAP-U devices to firmware version 7.0.6 or newer.
  • Upgrade FortiAP-W2 devices on the 7.4 branch to firmware version 7.4.5 or newer. FortiAP-W2 7.2 and 7.0 are affected in all versions with no fixed release listed, so move them to 7.4.5 or newer.
  • If a firmware update cannot be applied immediately, restrict or disable CLI access to the devices (for example, limit it to a management network and to the administrators who need it) until the patch is deployed.

Generated by OpenCVE AI on May 12, 2026 at 18:56 UTC.


Advisories

No advisories yet.

History

Tue, 12 May 2026 20:15:00 +0000

Type: Metrics
Values Added: ssvc
{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 12 May 2026 19:15:00 +0000

Type: Title
Values Added: Improper Neutralization of Special Elements in OS Command Injection in Fortinet FortiAP Devices

Tue, 12 May 2026 17:30:00 +0000

Type: Description
Values Added: An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versions, FortiAP 7.0 all versions, FortiAP 6.4 all versions, FortiAP-W2 7.4.0 through 7.4.4, FortiAP-W2 7.2 all versions, FortiAP-W2 7.0 all versions may allow an authenticated attacker to execute unauthorized code or commands via a specifically crafted cli command.
Type: First Time appeared
Values Added: Fortinet; Fortinet fortiap; Fortinet fortiap-w2
Type: Weaknesses
Values Added: CWE-78
Type: CPEs
Type: Vendors & Products
Values Added: Fortinet; Fortinet fortiap; Fortinet fortiap-w2
Type: References
Type: Metrics
Values Added: cvssV3_1
{'score': 6.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C'}


MITRE

Status: PUBLISHED

Assigner: fortinet

Published:

Updated: 2026-05-13T03:58:24.463Z

Reserved: 2025-07-11T07:30:58.396Z

Link: CVE-2025-53870

Vulnrichment

Updated: 2026-05-12T19:01:45.473Z

NVD

Status: Awaiting Analysis

Published: 2026-05-12T18:16:36.140

Modified: 2026-05-12T18:57:02.307

Link: CVE-2025-53870

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T20:45:23Z

Weaknesses