CVE-2026-24641

Summary

A NULL Pointer Dereference vulnerability [CWE-476] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an authenticated attacker to crash the HTTP daemon via crafted HTTP requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiWeb8.0.0 <= 8.0.2affected
FortinetFortiWeb7.6.0 <= 7.6.6affected
FortinetFortiWeb7.4.0 <= 7.4.12affected
FortinetFortiWeb7.2.0 <= 7.2.12affected
FortinetFortiWeb7.0.0 <= 7.0.12affected

Weaknesses

  • CWE-476: Denial of service

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References