Impact
A path‑traversal flaw allows an attacker with privileged CLI access to craft requests that delete arbitrary files from the underlying operating system. The capability to remove configuration or system files can disrupt service operation and undermine the integrity of the FortiAnalyzer or FortiManager installation.
Affected Systems
Fortinet FortiAnalyzer (versions 7.0 to 7.6.4, including all Cloud variants) and FortiManager (versions 7.0 to 7.6.4, including all Cloud variants).
Risk and Exploitability
The CVSS score of 5.4 signals a medium‑severity vulnerability. No EPSS score is available, and the issue is not listed in the CISA KEV catalog. Exploitation requires an attacker to already possess administrative or privileged CLI access; with that access, file deletion can lead to loss of service availability or facilitate further compromise.