CVE-2026-21741

Summary

An URL Redirection to Untrusted Site ('Open Redirect') vulnerability [CWE-601] vulnerability in Fortinet FortiNAC-F 7.6.0 through 7.6.5, FortiNAC-F 7.4 all versions, FortiNAC-F 7.2 all versions may allow a remote privileged attacker with system administrator role to redirect users to an arbitrary website via crafted CSV file.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiNAC-F7.6.0 <= 7.6.5affected
FortinetFortiNAC-F7.4.0 <= 7.4.3affected
FortinetFortiNAC-F7.2.0 <= 7.2.9affected

Weaknesses

  • CWE-601: Execute unauthorized code or commands

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References