CVE-2026-59838

Summary

A improper neutralization of script-related html tags in a web page (basic xss) vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.2.0 through 7.2.6, FortiSIEM 7.1 all versions, FortiSIEM 7.0 all versions, FortiSIEM 6.7 all versions, FortiSIEM 6.6 all versions, FortiSIEM 6.5 all versions, FortiSIEM 6.4 all versions may allow attacker to execute unauthorized code or commands via <insert attack vector here>

Affected Software

VendorProductVersion RangeStatus
FortinetFortiSIEM7.4.0affected
FortinetFortiSIEM7.3.0 <= 7.3.4affected
FortinetFortiSIEM7.2.0 <= 7.2.6affected
FortinetFortiSIEM7.1.0 <= 7.1.9affected
FortinetFortiSIEM7.0.0 <= 7.0.4affected
FortinetFortiSIEM6.7.0 <= 6.7.10affected
FortinetFortiSIEM6.6.0 <= 6.6.5affected
FortinetFortiSIEM6.5.0 <= 6.5.3affected
FortinetFortiSIEM6.4.0 <= 6.4.4affected
FortinetFortiSIEM6.3.0 <= 6.3.3affected
FortinetFortiSIEM6.2.0 <= 6.2.1affected

Weaknesses

  • CWE-80: Execute unauthorized code or commands

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References