Description
An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.8, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4.0 through 7.4.8, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions may allow a privileged authenticated attacker to execute unauthorized code or commands via JSON RPC API
Published: 2026-04-14
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: SQL injection allowing code execution
Action: Apply patch
AI Analysis

Impact

An improper neutralization of special characters in SQL commands permits a privileged authenticated attacker to inject SQL through the JSON RPC API. The flaw is a classic SQL injection (CWE-89) that can be leveraged to execute unauthorized code or commands on the device. An attacker can read, modify, or delete data, potentially compromising the confidentiality, integrity, and availability of the management services.

Affected Systems

The vulnerability is present in Fortinet FortiAnalyzer, FortiAnalyzer Cloud, FortiManager, and FortiManager Cloud. Affected FortiAnalyzer versions include 7.6.0 through 7.6.4, 7.4.0 through 7.4.8, all releases of 7.2 and 7.0. The same version ranges apply to FortiAnalyzer Cloud. FortiManager and FortiManager Cloud share identical affected versions, covering 7.6.0 through 7.6.4, 7.4.0 through 7.4.8, all 7.2 and 7.0 releases.

Risk and Exploitability

The CVSS score of 6.8 indicates moderate severity. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires a privileged authenticated attacker who can reach the JSON RPC interface, which is normally restricted to administrators; the likely attack vector is therefore the management API that accepts JSON RPC payloads. If an attacker gains such access, they can execute arbitrary code or commands on the device, potentially leading to full compromise of the managed network.

Generated by OpenCVE AI on April 14, 2026 at 18:11 UTC.

Remediation

Vendor Solution

  • Upgrade to upcoming FortiManager version 8.0.0 or above
  • Upgrade to FortiManager version 7.6.5 or above
  • Upgrade to FortiManager version 7.4.9 or above
  • Upgrade to FortiAnalyzer version 7.6.5 or above
  • Upgrade to FortiAnalyzer version 7.4.9 or above
  • Upgrade to FortiAnalyzer Cloud version 7.6.4 or above
  • Upgrade to FortiManager Cloud version 7.6.5 or above


OpenCVE Recommended Actions

  • Upgrade FortiManager to version 8.0.0 or above
  • Upgrade FortiManager to version 7.6.5 or above
  • Upgrade FortiManager to version 7.4.9 or above
  • Upgrade FortiAnalyzer to version 7.6.5 or above
  • Upgrade FortiAnalyzer to version 7.4.9 or above
  • Upgrade FortiAnalyzer Cloud to version 7.6.4 or above
  • Upgrade FortiManager Cloud to version 7.6.5 or above


Advisories

No advisories yet.

History

Wed, 15 Apr 2026 15:45:00 +0000

Type  | Values Removed | Values Added
Title |                | SQL Injection via API in FortiAnalyzer and FortiManager Allows Code Execution

Wed, 15 Apr 2026 14:45:00 +0000

Type                | Values Removed | Values Added
First Time appeared |                | Fortinet fortianalyzer Cloud; Fortinet fortimanager Cloud
Vendors & Products  |                | Fortinet fortianalyzer Cloud; Fortinet fortimanager Cloud

Tue, 14 Apr 2026 17:15:00 +0000

Type         | Values Removed | Values Added
Metrics ssvc |                | {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 14 Apr 2026 16:00:00 +0000

Type                | Values Removed | Values Added
Description         |                | An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.8, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4.0 through 7.4.8, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions may allow a privileged authenticated attacker to execute unauthorized code or commands via JSON RPC API
First Time appeared |                | Fortinet; Fortinet fortianalyzer; Fortinet fortianalyzercloud; Fortinet fortimanager; Fortinet fortimanagercloud
Weaknesses          |                | CWE-89
CPEs                |                | cpe:2.3:a:fortinet:fortianalyzercloud:7.6.2:*:*:*:*:*:*:*
                    |                | cpe:2.3:a:fortinet:fortianalyzercloud:7.6.3:*:*:*:*:*:*:*
                    |                | cpe:2.3:a:fortinet:fortimanagercloud:7.6.2:*:*:*:*:*:*:*
                    |                | cpe:2.3:a:fortinet:fortimanagercloud:7.6.3:*:*:*:*:*:*:*
                    |                | cpe:2.3:a:fortinet:fortimanagercloud:7.6.4:*:*:*:*:*:*:*
                    |                | cpe:2.3:o:fortinet:fortianalyzer:7.6.0:*:*:*:*:*:*:*
                    |                | cpe:2.3:o:fortinet:fortianalyzer:7.6.1:*:*:*:*:*:*:*
                    |                | cpe:2.3:o:fortinet:fortianalyzer:7.6.2:*:*:*:*:*:*:*
                    |                | cpe:2.3:o:fortinet:fortianalyzer:7.6.3:*:*:*:*:*:*:*
                    |                | cpe:2.3:o:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:*
                    |                | cpe:2.3:o:fortinet:fortimanager:7.6.1:*:*:*:*:*:*:*
                    |                | cpe:2.3:o:fortinet:fortimanager:7.6.2:*:*:*:*:*:*:*
                    |                | cpe:2.3:o:fortinet:fortimanager:7.6.3:*:*:*:*:*:*:*
Vendors & Products  |                | Fortinet; Fortinet fortianalyzer; Fortinet fortianalyzercloud; Fortinet fortimanager; Fortinet fortimanagercloud
References          |                |
Metrics cvssV3_1    |                | {'score': 6.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C'}


MITRE

Status: PUBLISHED

Assigner: fortinet

Published:

Updated: 2026-04-15T03:58:25.023Z

Reserved: 2025-10-01T18:21:09.224Z

Link: CVE-2025-61848

Vulnrichment

Updated: 2026-04-14T16:36:57.861Z

NVD

Status : Received

Published: 2026-04-14T16:16:31.610

Modified: 2026-04-14T16:16:31.610

Link: CVE-2025-61848

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T15:30:06Z

Weaknesses