Description
A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4, FortiClientLinux 7.2.2 through 7.2.12 may allow a local and unprivileged user to escalate their privileges to root.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9Attack Vector: Local
Complexity: Low
Privileges: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Affected Packages2 packages
🔴Vulnerability Details
2CVEListCVE-2026-24018: A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7↗2026-03-10 GHSAGHSA-g7vg-vfvv-mr49: A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7↗2026-03-10 📋Vendor Advisories
1FortinetLocal privilege escalation via improper symlink following↗2026-03-10 🕵️Threat Intelligence
1WizCVE-2026-24018 Impact, Exploitability, and Mitigation Steps | Wiz↗