SB20260414124 - Multiple vulnerabilities in FortiOS

Published: April 14, 2026 Updated: May 12, 2026

Security Bulletin ID: SB20260414124
CSH Severity: Medium
Patch available: YES
Number of vulnerabilities: 2
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

Medium 100%

Description

This security bulletin contains information about 2 vulnerabilities.


1) Missing Authentication for Critical Function (CVE-ID: CVE-2025-53847)

CWE-ID: CWE-306 - Missing Authentication for Critical Function

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to missing authentication for a critical function in the CAPWAP daemon. A remote unauthenticated attacker on the same local IP subnet can write device configuration via specially crafted requests. To be successful, this attack requires the targeted FortiGate device to run a specific, non-default configuration.


2) Out-of-bounds write (CVE-ID: CVE-2025-53844)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote user to execute unauthorized code or commands.

The vulnerability exists due to out-of-bounds write in the CAPWAP daemon when handling CAPWAP communications from an authenticated FortiAP, FortiExtender, or FortiSwitch. A remote user can send crafted CAPWAP traffic to execute unauthorized code or commands.

Exploitation requires control of an authenticated FortiAP, FortiExtender, or FortiSwitch connected to the FortiGate device.
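As an added example that is not part of this bulletin, the parser below reads the two CVSS v4.0 vectors quoted above and derives what each one requires of an attacker: CVE-2025-53847 is reachable only from the adjacent network (AV:A) but needs no credentials (PR:N), whereas CVE-2025-53844 is reachable over the network (AV:N) but requires an authenticated peer (PR:L). The metric tables are the standard CVSS v4.0 base metrics plus the E and U metrics used in these vectors.

```python
# Added example (not from the bulletin): parse and interpret the CVSS v4.0 vectors quoted above.
CVSS4_METRICS = {  # allowed values for the base metrics plus the E and U metrics used here
    "AV": {"N": "network", "A": "adjacent", "L": "local", "P": "physical"},
    "AC": {"L": "low", "H": "high"}, "AT": {"N": "none", "P": "present"},
    "PR": {"N": "none", "L": "low", "H": "high"},
    "UI": {"N": "none", "P": "passive", "A": "active"},
    **{k: {"H": "high", "L": "low", "N": "none"} for k in ("VC", "VI", "VA", "SC", "SI", "SA")},
    "E": {"X": "not defined", "A": "attacked", "P": "poc", "U": "unreported"},
    "U": {"X": "not defined", "Clear": "clear", "Green": "green", "Amber": "amber", "Red": "red"},
}
BASE_METRICS = ("AV", "AC", "AT", "PR", "UI", "VC", "VI", "VA", "SC", "SI", "SA")

def parse_cvss4(vector):
    """Parse 'CVSS:4.0/...' into {metric: value}; reject unknown metrics or
    values, duplicated metrics, and vectors missing any base metric."""
    prefix = "CVSS:4.0/"
    if not vector.startswith(prefix):
        raise ValueError("not a CVSS v4.0 vector")
    metrics = {}
    for part in vector[len(prefix):].split("/"):
        name, sep, value = part.partition(":")
        if not sep or name in metrics or value not in CVSS4_METRICS.get(name, {}):
            raise ValueError(f"bad or duplicate metric {part!r}")
        metrics[name] = value
    missing = [m for m in BASE_METRICS if m not in metrics]
    if missing:
        raise ValueError(f"missing base metrics {missing}")
    return metrics

def is_valid_cvss4(vector):
    """True if the vector parses cleanly, False otherwise."""
    try:
        parse_cvss4(vector)
        return True
    except ValueError:
        return False

def attacker_prerequisites(vector):
    """Network position and credentials an attacker needs, plus C/I/A impact on the target."""
    m = parse_cvss4(vector)
    return {
        "reach": CVSS4_METRICS["AV"][m["AV"]],
        "needs_credentials": m["PR"] != "N",
        "needs_user_interaction": m["UI"] != "N",
        "impact": {k: CVSS4_METRICS[k][m[k]] for k in ("VC", "VI", "VA")},
    }

# The two vectors quoted in this bulletin.
CVE_2025_53847 = "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green"
CVE_2025_53844 = "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green"
```

Running `attacker_prerequisites` on both constants makes the difference in exposure explicit: the first flaw matters wherever untrusted hosts share a subnet with the FortiGate, the second wherever an attacker could obtain control of a managed FortiAP, FortiExtender or FortiSwitch.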


Remediation

Install the update from the vendor's website.