CVE-2026-59839
FortiOS Analyse et atténuation des vulnérabilités

Aperçu

CVE-2026-59839 is a path traversal vulnerability (CWE-22) in Fortinet FortiOS, FortiPAM, and FortiProxy that may allow a privileged authenticated attacker with physical access to delete the file system via crafted CLI commands. It was published on July 14, 2026, and reported by the UK's National Cyber Security Centre (NCSC) under responsible disclosure. Affected products include FortiOS 6.4 through 7.6.6, FortiPAM 1.0 through 1.8.0, and FortiProxy 7.0 through 7.6.5. The vulnerability carries a CVSSv3 score of 5.0 (Medium) (FortiGuard Advisory).

Détails techniques

The vulnerability is classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) and resides in the CLI component of the affected Fortinet products. An attacker can craft specific CLI commands that traverse outside the intended restricted directory, potentially reaching and deleting files on the root file system. Exploitation requires physical access to the device and high-level (privileged) authentication, making the attack vector physical (AV:P) with high privileges required (PR:H). The specific CLI commands or parameters enabling the traversal have not been publicly detailed (FortiGuard Advisory).

Impact

Successful exploitation allows a privileged attacker with physical device access to delete arbitrary files on the root file system, resulting in high integrity and availability impacts with no confidentiality impact. This could lead to complete service disruption or destruction of the device's operating environment, effectively rendering the affected appliance inoperable. Given the physical access requirement and high privilege precondition, the risk of widespread or remote exploitation is significantly limited (FortiGuard Advisory).

Étapes d’exploitation

  1. Physical Access: Gain physical access to a vulnerable Fortinet device (FortiOS, FortiPAM, or FortiProxy) running an affected firmware version.
  2. Authentication: Authenticate to the device CLI using high-privileged credentials (e.g., administrator account).
  3. Craft Malicious CLI Command: Construct a CLI command that includes path traversal sequences (e.g., ../ or equivalent encoded variants) to reference file system paths outside the intended restricted directory.
  4. Execute Command: Submit the crafted CLI command to traverse the restricted directory boundary and target files on the root file system for deletion.
  5. Impact: Deletion of critical system files causes service disruption or renders the device inoperable (FortiGuard Advisory).

Indicateurs de compromis

  • Logs: Unusual or unexpected CLI command entries in device audit logs referencing path traversal sequences (e.g., ../, %2e%2e/) or targeting root file system paths outside normal operational directories.
  • File System: Missing or deleted system files on the root file system of the Fortinet appliance; unexpected changes to file system integrity.
  • Process/System Behavior: Unexpected device instability, boot failures, or service outages following CLI activity by a privileged user with physical access.

Atténuation et solutions de contournement

Fortinet has released patched versions and recommends upgrading as follows: FortiOS to 7.6.7 or above (7.6.x), 7.4.10 or above (7.4.x), or migrating from 7.2, 7.0, and 6.4 to a fixed release; FortiPAM to 1.8.1 or above (1.8.x), upcoming 1.7.3 or above (1.7.x), or migrating from all earlier versions; FortiProxy to 7.6.6 or above (7.6.x), 7.4.14 or above (7.4.x), or migrating from 7.2 and 7.0. A virtual patch named "FG-VD-60139.0day" is available in FMWP database update 26.021 for those unable to upgrade immediately. Organizations should also enforce strict physical access controls to limit who can interact with affected devices (FortiGuard Advisory).

Réactions de la communauté

The vulnerability was reported by the UK's National Cyber Security Centre (NCSC) under responsible disclosure, indicating coordinated handling. Security news outlets including CyberSecurityNews, GBHackers, and CyberPress covered the broader Fortinet patch release addressing seven vulnerabilities, of which CVE-2026-59839 was one. Community reaction has been measured given the medium severity rating and the physical access requirement, with no significant alarm or controversy noted (CyberSecurityNews, GBHackers).

Ressources additionnelles


SourceCe rapport a été généré à l’aide de l’IA

Apparenté FortiOS Vulnérabilités:

Identifiant CVE

Sévérité

Score

Technologies

Nom du composant

Exploit CISA KEV

A corrigé

Date de publication

CVE-2026-59837MEDIUM6.6
  • FortiOS logoFortiOS
  • cpe:2.3:o:fortinet:fortios
NonOuiJul 14, 2026
CVE-2026-23573MEDIUM6.1
  • FortiOS logoFortiOS
  • cpe:2.3:a:fortinet:fortiproxy
NonOuiJul 14, 2026
CVE-2026-59839MEDIUM5.5
  • FortiOS logoFortiOS
  • cpe:2.3:a:fortinet:fortiproxy
NonOuiJul 14, 2026
CVE-2026-59840MEDIUM4.3
  • FortiOS logoFortiOS
  • cpe:2.3:a:fortinet:fortiproxy
NonOuiJul 14, 2026
CVE-2025-62826MEDIUM4.3
  • FortiOS logoFortiOS
  • cpe:2.3:a:fortinet:fortiproxy
NonOuiJul 14, 2026

Évaluation gratuite des vulnérabilités

Évaluez votre posture de sécurité dans le cloud

Évaluez vos pratiques de sécurité cloud dans 9 domaines de sécurité pour évaluer votre niveau de risque et identifier les failles dans vos défenses.

Demander une évaluation

Obtenez une démo personnalisée

Prêt(e) à voir Wiz en action ?

"La meilleure expérience utilisateur que j’ai jamais vue, offre une visibilité totale sur les workloads cloud."
David EstlickRSSI
"Wiz fournit une interface unique pour voir ce qui se passe dans nos environnements cloud."
Adam FletcherChef du service de sécurité
"Nous savons que si Wiz identifie quelque chose comme critique, c’est qu’il l’est réellement."
Greg PoniatowskiResponsable de la gestion des menaces et des vulnérabilités