CVE-2026-24640 - Vulnerability Details

- Stack Buffer Overflow in FortiWeb Allows Remote Code Execution via Crafted HTTP Requests

Description

A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0.2 through 7.0.12 may allow a remote authenticated attacker who can bypass stack protection and ASLR to execute arbitrary code or commands via crafted HTTP requests.

Published: 2026-03-10

Score: 5.9 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

Fortinet FortiWeb is vulnerable to a stack‑based buffer overflow (CWE‑121) and an out‑of‑bounds write (CWE‑787). The flaw allows a remote authenticated attacker who can bypass stack protection and ASLR to send crafted HTTP requests that will execute arbitrary code or commands. The potential impact is full compromise of the device, leading to a loss of confidentiality, integrity, and availability for any network services protected by that FortiWeb instance.

Affected Systems

The vulnerability affects Fortinet FortiWeb appliances running version 8.0.0 through 8.0.2, 7.6.0 through 7.6.6, all 7.4 releases, all 7.2 releases, and 7.0.2 through 7.0.12. Any production or test environment with those firmware versions is susceptible.

Risk and Exploitability

The CVSS score is 5.9, indicating moderate severity. The EPSS score is less than 1%, showing a very low probability of exploitation in the general population. The vulnerability is not listed in the CISA KEV catalog. Attackers must be authenticated but can then bypass security controls; the likely vector is through maliciously crafted HTTP traffic sent to the Web application firewall over the network. Exploitation would require the attacker to have necessary privileges to log into the device and then send the crafted requests.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Fortinet

FortiWeb

unaffected

Version	Status	Constraints
`8.0.0`	affected	≤ 8.0.2
`7.6.0`	affected	≤ 7.6.6
`7.4.0`	affected	≤ 7.4.12
`7.2.0`	affected	≤ 7.2.12
`7.0.2`	affected	≤ 7.0.12

Configuration 1 [-]

OR	cpe:2.3:a:fortinet:fortiweb::::::::
	cpe:2.3:a:fortinet:fortiweb::::::::
	cpe:2.3:a:fortinet:fortiweb::::::::

No data.

Vendor Product Confidence Versions

Fortinet

Fortiweb

95%

Version	Status	Scheme	Platform
`[8.0.0,8.0.2]`	affected	semver	—
`[7.6.0,7.6.6]`	affected	semver	—
`[7.4.0,7.4.12]`	affected	semver	—
`[7.2.0,7.2.12]`	affected	semver	—
`[7.0.2,7.0.12]`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

Vendor Solution

Upgrade to FortiWeb version 8.0.3 or above Upgrade to FortiWeb version 7.6.7 or above

OpenCVE Recommended Actions

Upgrade FortiWeb to version 8.0.3 or later.
If using the 7.x branch, upgrade to 7.6.7 or later.
Until a patch is applied, block or tightly restrict external HTTP traffic that can reach the FortiWeb interfaces responsible for the vulnerable code path by using network segmentation or firewall rules.

Generated by OpenCVE AI on April 16, 2026 at 03:49 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00043.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://fortiguard.fortinet.com/psirt/FG-IR-26-087

History

Thu, 16 Apr 2026 04:15:00 +0000

Type	Values Removed	Values Added
Title		Stack Buffer Overflow in FortiWeb Allows Remote Code Execution via Crafted HTTP Requests

Thu, 12 Mar 2026 20:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-787
CPEs		cpe:2.3:a:fortinet:fortiweb::::::::

Tue, 10 Mar 2026 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 10 Mar 2026 17:15:00 +0000

Type	Values Removed	Values Added
Description		A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0.2 through 7.0.12 may allow a remote authenticated attacker who can bypass stack protection and ASLR to execute arbitrary code or commands via crafted HTTP requests.
First Time appeared		Fortinet Fortinet fortiweb
Weaknesses		CWE-121
CPEs		cpe:2.3:a:fortinet:fortiweb:7.0.10:::::::* cpe:2.3:a:fortinet:fortiweb:7.0.11:::::::* cpe:2.3:a:fortinet:fortiweb:7.0.12:::::::* cpe:2.3:a:fortinet:fortiweb:7.0.2:::::::* cpe:2.3:a:fortinet:fortiweb:7.0.3:::::::* cpe:2.3:a:fortinet:fortiweb:7.0.4:::::::* cpe:2.3:a:fortinet:fortiweb:7.0.5:::::::* cpe:2.3:a:fortinet:fortiweb:7.0.6:::::::* cpe:2.3:a:fortinet:fortiweb:7.0.7:::::::* cpe:2.3:a:fortinet:fortiweb:7.0.8:::::::* cpe:2.3:a:fortinet:fortiweb:7.0.9:::::::* cpe:2.3:a:fortinet:fortiweb:7.2.0:::::::* cpe:2.3:a:fortinet:fortiweb:7.2.10:::::::* cpe:2.3:a:fortinet:fortiweb:7.2.11:::::::* cpe:2.3:a:fortinet:fortiweb:7.2.12:::::::* cpe:2.3:a:fortinet:fortiweb:7.2.1:::::::* cpe:2.3:a:fortinet:fortiweb:7.2.2:::::::* cpe:2.3:a:fortinet:fortiweb:7.2.3:::::::* cpe:2.3:a:fortinet:fortiweb:7.2.4:::::::* cpe:2.3:a:fortinet:fortiweb:7.2.5:::::::* cpe:2.3:a:fortinet:fortiweb:7.2.6:::::::* cpe:2.3:a:fortinet:fortiweb:7.2.7:::::::* cpe:2.3:a:fortinet:fortiweb:7.2.8:::::::* cpe:2.3:a:fortinet:fortiweb:7.2.9:::::::* cpe:2.3:a:fortinet:fortiweb:7.4.0:::::::* cpe:2.3:a:fortinet:fortiweb:7.4.10:::::::* cpe:2.3:a:fortinet:fortiweb:7.4.11:::::::* cpe:2.3:a:fortinet:fortiweb:7.4.12:::::::* cpe:2.3:a:fortinet:fortiweb:7.4.1:::::::* cpe:2.3:a:fortinet:fortiweb:7.4.2:::::::* cpe:2.3:a:fortinet:fortiweb:7.4.3:::::::* cpe:2.3:a:fortinet:fortiweb:7.4.4:::::::* cpe:2.3:a:fortinet:fortiweb:7.4.5:::::::* cpe:2.3:a:fortinet:fortiweb:7.4.6:::::::* cpe:2.3:a:fortinet:fortiweb:7.4.7:::::::* cpe:2.3:a:fortinet:fortiweb:7.4.8:::::::* cpe:2.3:a:fortinet:fortiweb:7.4.9:::::::* cpe:2.3:a:fortinet:fortiweb:7.6.0:::::::* cpe:2.3:a:fortinet:fortiweb:7.6.1:::::::* cpe:2.3:a:fortinet:fortiweb:7.6.2:::::::* cpe:2.3:a:fortinet:fortiweb:7.6.3:::::::* cpe:2.3:a:fortinet:fortiweb:7.6.4:::::::* cpe:2.3:a:fortinet:fortiweb:7.6.5:::::::* cpe:2.3:a:fortinet:fortiweb:7.6.6:::::::* cpe:2.3:a:fortinet:fortiweb:8.0.0:::::::* cpe:2.3:a:fortinet:fortiweb:8.0.1:::::::* cpe:2.3:a:fortinet:fortiweb:8.0.2:::::::*
Vendors & Products		Fortinet Fortinet fortiweb
References		https://fortiguard.fortinet.com/psirt/FG-IR-26-087
Metrics		cvssV3_1 `{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C'}`

Subscriptions

Fortinet Fortiweb

MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2026-03-10T16:44:20.721Z

Updated: 2026-03-11T03:56:46.897Z

Reserved: 2026-01-23T15:09:07.476Z

Link: CVE-2026-24640

Vulnrichment

Updated: 2026-03-10T17:34:20.726Z

NVD

Status : Analyzed

Published: 2026-03-10T18:18:28.470

Modified: 2026-03-12T20:12:21.070

Link: CVE-2026-24640

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T04:00:09Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object