Main Vulnerability Database SB2026060945

SB2026060945 - Internal Asset Exposed to Unsafe Debug Access Level or State in FortiOS and FortiProxy

Published: June 9, 2026

Security Bulletin ID SB2026060945

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Internal Asset Exposed to Unsafe Debug Access Level or State (CVE-ID: CVE-2025-67862)

CWE-ID: CWE-1244 - Internal Asset Exposed to Unsafe Debug Access Level or State

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local privileged user to execute arbitrary code.

The vulnerability exists due to internal asset exposed to unsafe debug access level or state. An authenticated admin can execute lua scripts via crafted CLI commands.

Remediation

Install update from vendor's website.

References

https://www.fortiguard.com/psirt/FG-IR-26-143