#VU123701 Stack-based buffer overflow in FortiWeb - CVE-2026-24640
Published: March 10, 2026
Vulnerability identifier: #VU123701
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-24640
CWE-ID: CWE-121
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
FortiWeb
FortiWeb
Software vendor:
Fortinet, Inc
Fortinet, Inc
Description
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to stack-based buffer overflow in API protection. A remote authenticated attacker can execute arbitrary code or commands via crafted HTTP requests. Success of the attack is conditioned to bypassing stack protection and ASLR.
Remediation
Install update from vendor's website.