Description
A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiOS 7.6.0 through 7.6.6, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.8.0, FortiPAM 1.7.0 through 1.7.2, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.6.0 through 7.6.5, FortiProxy 7.4 through 7.4.13, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions may allow attacker to execute unauthorized code or commands via <insert attack vector here>
Published: 2026-07-14
Score: 5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

Vendor Solution

Upgrade to FortiProxy version 7.6.6 or above Upgrade to FortiOS version 8.0.0 or above Upgrade to FortiOS version 7.6.7 or above Upgrade to FortiOS version 7.4.10 or above Fortinet remediated this issue in FortiSASE version 26.1.1 and hence customers do not need to perform any action. Upgrade to FortiPAM version 1.9.0 or above Upgrade to FortiPAM version 1.8.1 or above Upgrade to FortiSwitchManager version 7.2.8 or above

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 14 Jul 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 14 Jul 2026 15:45:00 +0000

Type Values Removed Values Added
Description A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiOS 7.6.0 through 7.6.6, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.8.0, FortiPAM 1.7.0 through 1.7.2, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.6.0 through 7.6.5, FortiProxy 7.4 through 7.4.13, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions may allow attacker to execute unauthorized code or commands via <insert attack vector here>
First Time appeared Fortinet
Fortinet fortios
Fortinet fortipam
Fortinet fortiproxy
Weaknesses CWE-22
CPEs cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.15:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.16:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.4.11:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.4.12:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.4.13:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.6.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.6.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.6.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.4.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.6.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.6.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.6.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.6.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.6.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.7.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.7.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.7.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortipam:1.8.0:*:*:*:*:*:*:*
Vendors & Products Fortinet
Fortinet fortios
Fortinet fortipam
Fortinet fortiproxy
References
Metrics cvssV3_1

{'score': 5, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C'}


Subscriptions

Fortinet Fortios Fortipam Fortiproxy
cve-icon MITRE

Status: PUBLISHED

Assigner: fortinet

Published:

Updated: 2026-07-14T16:02:10.053Z

Reserved: 2026-07-07T15:21:31.715Z

Link: CVE-2026-59839

cve-icon Vulnrichment

Updated: 2026-07-14T16:02:07.148Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-14T17:15:03Z

Weaknesses
  • CWE-22

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')