cbcvebase.

Fortinet FortiNDR vulnerabilities

14 known vulnerabilities affecting fortinet/fortindr.

Total CVEs: 14
CISA KEV: 1 (actively exploited)
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 6, MEDIUM 7

Vulnerabilities

CVE-2026-25088 | HIGH | CVSS 8.8 | ≥ 7.0.0, < 7.4.10; ≥ 7.6.0, < 7.6.3; +5 more | 2026-05-12
CWE-89: An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiNDR 7.6.0 through 7.6.2, FortiNDR 7.4.0 through 7.4.9, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions may allow an authenticated attacker to execute unauthorized code or commands via specifically crafte
Sources: nvd
CVE-2024-23104 | MEDIUM | CVSS 4.3 | ≥ 7.0.0, < 7.4.9; v7.6.0; +4 more | 2026-04-14
CWE-200: An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiVoice 7.0.0 through 7.0.1 may allow a remote authenticated attacker with at least read-only permission on system maintenance to acc
Sources: nvd, fortinet
CVE-2024-47569 | MEDIUM | CVSS 4.3 | ≥ 1.5.0, < 7.4.9; ≥ 7.6.0, ≤ 7.6.2; +5 more | 2025-10-14
CWE-201: An insertion of sensitive information into sent data vulnerability in Fortinet FortiMail 7.4.0 through 7.4.2, FortiMail 7.2.0 through 7.2.6, FortiMail 7.0 all versions, FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.1 through 7.4.3, FortiManager Cloud 7.4.1 through 7.4.3, FortiNDR 7.6.0 through 7.6.1, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 al
Sources: nvd, fortinet
CVE-2024-40588 | MEDIUM | CVSS 4.4 | ≥ 7.0.0, < 7.4.7; ≥ 7.6.0, < 7.6.2; +5 more | 2025-08-12
CWE-23: Multiple relative path traversal vulnerabilities [CWE-23] vulnerability in Fortinet FortiCamera 2.1 all versions, FortiCamera 2.0.0, FortiCamera 1.1 all versions, FortiCamera 1.0 all versions, FortiMail 7.6.0 through 7.6.1, FortiMail 7.4.0 through 7.4.3, FortiMail 7.2 all versions, FortiMail 7.0 all versions, FortiMail 6.4 all versions, FortiNDR 7.6.0
Sources: nvd, fortinet
CVE-2025-32756 | CRITICAL | CVSS 9.8 | KEV | ≥ 7.0.0, < 7.0.7; ≥ 7.2.0, < 7.2.5; +15 more | 2025-05-13
CWE-121: A stack-based buffer overflow vulnerability [CWE-121] vulnerability in Fortinet FortiCamera 2.1.0 through 2.1.3, FortiCamera 2.0 all versions, FortiCamera 1.1 all versions, FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.7, FortiN
Sources: nvd, fortinet
CVE-2023-33302 | HIGH | CVSS 8.8 | ≥ 1.1.0, < 7.2.1; v7.2.0; +7 more | 2025-03-31
CWE-120: A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly e
Sources: nvd
CVE-2021-24008 | MEDIUM | CVSS 5.3 | ≥ 1.5.0, ≤ 1.5.3; v1.4.0; +3 more | 2025-03-28
CWE-200: An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiDDoS version 5.4.0, version 5.3.2 and below, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, version 4.6.0, version 4.5.0, version 4.4.2 and below, FortiDDoS-CM version 5.3.0, version 5.2.0, version 5.1.0, version 5.0.0, version
Sources: nvd
CVE-2024-47573 | MEDIUM | CVSS 6.5 | ≥ 7.0.0, < 7.2.2; ≥ 7.4.0, < 7.4.3; +4 more | 2025-03-14
CWE-354: An improper validation of integrity check value vulnerability [CWE-354] in FortiNDR version 7.4.2 and below, version 7.2.1 and below, version 7.1.1 and below, version 7.0.6 and below may allow an authenticated attacker with at least Read/Write permission on system maintenance to install a corrupted firmware image.
Sources: nvd, fortinet
CVE-2023-48790 | HIGH | CVSS 8.8 | ≥ 1.5.0, < 7.0.6; ≥ 7.1.0, < 7.1.2; +5 more | 2025-03-11
CWE-352: A cross site request forgery vulnerability [CWE-352] in Fortinet FortiNDR version 7.4.0, 7.2.0 through 7.2.1 and 7.1.0 through 7.1.1 and before 7.0.5 may allow a remote unauthenticated attacker to execute unauthorized actions via crafted HTTP GET requests.
Sources: nvd, fortinet
CVE-2022-23439 | MEDIUM | CVSS 6.1 | ≥ 1.4.0, < 7.1.1; v7.2.0; +7 more | 2025-01-22
CWE-610: An externally controlled reference to a resource in another sphere vulnerability in Fortinet allows an attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver
Sources: nvd, fortinet
CVE-2022-27488 | HIGH | CVSS 8.8 | ≥ 7.0.0, ≤ 7.0.4; v7.1.0; +5 more | 2023-12-13
CWE-352: A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x FortiRecorder version 6.4.0 through 6.4.2, 6.0.x, 2.7.x, 2.6.x, FortiNDR version 1.x.x allows a re
Sources: nvd, fortinet
CVE-2021-36193 | HIGH | CVSS 7.2 | ≥ 1.5.0, ≤ 1.5.3; v1.4.0; +3 more | 2022-02-02
CWE-121: Multiple stack-based buffer overflows in the command line interpreter of FortiWeb before 6.4.2 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted commands.
Sources: nvd
CVE-2021-42757 | MEDIUM | CVSS 6.7 | ≥ 1.1.0, ≤ 1.5.2; ≥ 1.5.0, ≤ 1.5.2; +4 more | 2021-12-08
CWE-120: A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.
Sources: nvd, fortinet
CVE-2021-22129 | HIGH | CVSS 8.8 | 2021-07-09
CWE-120: FG-IR-21-023: Multiple instances of incorrect calculation of buffer size in the Webmail and Administrative interface of FortiMail before 6.4.5 may allow an authenticated attacker with regular webmail access to trigger a b
Sources: fortinet