CVE-2026-39814Relative Path Traversal in Fortinet Fortiweb

CWE-23Relative Path Traversal4 documents4 sources
Severity
6.7MEDIUMNVD
EPSS
0.0%
top 97.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Fortinet Fortiweb
Timeline
PublishedApr 14

Description

A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.1 through 7.4.12, FortiWeb 7.2.7 through 7.2.12, FortiWeb 7.0.10 through 7.0.12 may allow attacker to execute unauthorized code or commands via

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages1 packages

CVEListV5fortinet/fortiweb8.0.08.0.2+2

🔴Vulnerability Details

2
CVEList
CVE-2026-39814: A relative path traversal vulnerability in Fortinet FortiWeb 82026-04-14
GHSA
GHSA-6q7w-cjq4-j969: A relative path traversal vulnerability in Fortinet FortiWeb 82026-04-14

📋Vendor Advisories

1
Fortinet
Multiple Path traversals in CLI2026-04-14
CVE-2026-39814 — Relative Path Traversal in Fortinet | cvebase