CVE-2026-24641 — NULL Pointer Dereference in Fortinet Fortiweb

CWE-476 — NULL Pointer Dereference5 documents5 sources

Severity

6.5MEDIUMNVD

CNA2.7

EPSS

0.2%

top 63.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortiweb

Timeline

PublishedMar 10

Description

A NULL Pointer Dereference vulnerability [CWE-476] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an authenticated attacker to crash the HTTP daemon via crafted HTTP requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDfortinet/fortiweb7.0.0 — 7.6.7+1

▶CVEListV5fortinet/fortiweb8.0.0 — 8.0.2+4

🔴Vulnerability Details

GHSA

GHSA-m9vh-p652-j35f: A NULL Pointer Dereference vulnerability [CWE-476] vulnerability in Fortinet FortiWeb 8↗2026-03-10

▶

CVEList

CVE-2026-24641: A NULL Pointer Dereference vulnerability [CWE-476] vulnerability in Fortinet FortiWeb 8↗2026-03-10

▶

📋Vendor Advisories

Fortinet

Null Pointer Dereference in Anti-Defacement feature↗2026-03-10

▶

🕵️Threat Intelligence

Wiz

CVE-2026-24641 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶