CVE-2026-59840
FortiOS Analyse et atténuation des vulnérabilités

Aperçu

CVE-2026-59840 is a buffer over-read vulnerability (CWE-126) in Fortinet FortiOS, FortiProxy, and FortiSASE that may allow an authenticated remote attacker to return a portion of device memory via a specially crafted request. Affected versions include FortiOS 7.6.0–7.6.2, 7.4.0–7.4.8, and 7.2 (all versions); FortiProxy 7.6.0–7.6.5, 7.4.0–7.4.13, and 7.2 (all versions). The vulnerability was publicly disclosed on July 14, 2026, and carries a CVSSv3.1 base score of 4.1–4.3 (Medium) (FortiGuard Advisory, Feedly).

Détails techniques

The root cause is a buffer over-read (CWE-126) in the authd and wad daemons of FortiOS and FortiProxy. An authenticated attacker can submit a specially crafted request that causes the affected daemon to include adjacent memory contents in the redirect response, potentially leaking sensitive in-memory data. Exploitation requires low-level authenticated access over the network (no user interaction required), and the attack vector is network-based with low complexity (FortiGuard Advisory). No public proof-of-concept code has been identified at this time (Feedly).

Impact

Successful exploitation results in partial information disclosure — specifically, a portion of device memory may be returned to the attacker in a redirect response. The confidentiality impact is low, with no integrity or availability impact. While the leaked memory could potentially contain sensitive configuration data, credentials, or session tokens, the scope is limited to the affected device and does not directly enable lateral movement or remote code execution (FortiGuard Advisory, Feedly).

Atténuation et solutions de contournement

Fortinet has released patched versions to address this vulnerability. Users should upgrade to the following fixed releases: FortiOS 7.6.4 or above (for 7.6.x), FortiOS 7.4.9 or above (for 7.4.x), and FortiOS 7.2 users should migrate to a fixed release. For FortiProxy, upgrade to 7.6.6 or above (for 7.6.x) or 7.4.14 or above (for 7.4.x); FortiProxy 7.2 users should migrate to a fixed release. A virtual patch named FG-VD-58646.0day is also available in FMWP database update 26.010 for environments that cannot immediately upgrade. Fortinet recommends using the official upgrade path tool at https://docs.fortinet.com/upgrade-tool and restricting management interface access to trusted administrators only (FortiGuard Advisory).

Réactions de la communauté

The vulnerability was reported to Fortinet by Vang3lis and Cyth from VARAS@IIE under responsible disclosure, and Fortinet acknowledged their contribution in the official advisory. No significant broader media coverage or notable researcher commentary beyond the initial disclosure has been identified at this time (FortiGuard Advisory).

Ressources additionnelles


SourceCe rapport a été généré à l’aide de l’IA

Apparenté FortiOS Vulnérabilités:

Identifiant CVE

Sévérité

Score

Technologies

Nom du composant

Exploit CISA KEV

A corrigé

Date de publication

CVE-2026-59837MEDIUM6.6
  • FortiOS logoFortiOS
  • cpe:2.3:o:fortinet:fortios
NonOuiJul 14, 2026
CVE-2026-23573MEDIUM6.1
  • FortiOS logoFortiOS
  • cpe:2.3:a:fortinet:fortiproxy
NonOuiJul 14, 2026
CVE-2026-59839MEDIUM5.5
  • FortiOS logoFortiOS
  • cpe:2.3:a:fortinet:fortiproxy
NonOuiJul 14, 2026
CVE-2026-59840MEDIUM4.3
  • FortiOS logoFortiOS
  • cpe:2.3:a:fortinet:fortiproxy
NonOuiJul 14, 2026
CVE-2025-62826MEDIUM4.3
  • FortiOS logoFortiOS
  • cpe:2.3:a:fortinet:fortiproxy
NonOuiJul 14, 2026

Évaluation gratuite des vulnérabilités

Évaluez votre posture de sécurité dans le cloud

Évaluez vos pratiques de sécurité cloud dans 9 domaines de sécurité pour évaluer votre niveau de risque et identifier les failles dans vos défenses.

Demander une évaluation

Obtenez une démo personnalisée

Prêt(e) à voir Wiz en action ?

"La meilleure expérience utilisateur que j’ai jamais vue, offre une visibilité totale sur les workloads cloud."
David EstlickRSSI
"Wiz fournit une interface unique pour voir ce qui se passe dans nos environnements cloud."
Adam FletcherChef du service de sécurité
"Nous savons que si Wiz identifie quelque chose comme critique, c’est qu’il l’est réellement."
Greg PoniatowskiResponsable de la gestion des menaces et des vulnérabilités