CVE-2024-26008: 
FortiOS vulnerability analysis and mitigation

CVE-2024-26008 is an improper check or handling of exceptional conditions vulnerability [CWE-703] discovered in the fgfm daemon of multiple Fortinet products, including FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager. The vulnerability was discovered internally by Théo Leleu of Fortinet Product Security team and was initially published on October 14, 2025. The affected systems include FortiOS versions 7.4.0 through 7.4.3 and before 7.2.7, FortiProxy versions 7.4.0 through 7.4.3 and before 7.2.9, FortiPAM before 1.2.0, and FortiSwitchManager versions 7.2.0 through 7.2.3 and 7.0.0 through 7.0.3 (Fortinet Advisory, NVD).

The vulnerability exists in the fgfm daemon of affected Fortinet products and allows an unauthenticated attacker to repeatedly reset the fgfm connection through crafted SSL encrypted TCP requests. The vulnerability has been assigned a CVSS v3.1 base score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L (Fortinet Advisory).

The primary impact of this vulnerability is a denial of service condition, as successful exploitation allows an attacker to repeatedly disrupt the fgfm connection. The vulnerability affects the availability of the system while leaving confidentiality and integrity intact (Fortinet Advisory).

Fortinet has released fixes for affected versions and recommends upgrading to the following versions: FortiOS 7.4.4 or above for 7.4.x versions, FortiOS 7.2.8 or above for 7.2.x versions, FortiProxy 7.4.4 or above for 7.4.x versions, FortiProxy 7.2.10 or above for 7.2.x versions, FortiSwitchManager 7.2.4 or above for 7.2.x versions, and FortiSwitchManager 7.0.4 or above for 7.0.x versions. For older versions, migration to a fixed release is recommended (Fortinet Advisory).