SB2026031099 - Multiple vulnerabilities in FortiSwitch AX

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Improper access control (CVE-ID: CVE-2026-22628)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improperly imposed security restrictions. A local administrator can bypass shell command limitations and execute arbitrary commands via a specifically crafted SSH config file.

2) Buffer overflow (CVE-ID: CVE-2026-22627)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a boundary error when handling LLDP packets. A remote attacker on the local network can send specially crafted packets to the affected device, trigger a buffer overflow and execute arbitrary code on the system.

Remediation

Install update from vendor's website.

References

• https://www.fortiguard.com/psirt/FG-IR-26-085
• https://www.fortiguard.com/psirt/FG-IR-26-086