CVE-2026-59840

Summary

A buffer over-read vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiProxy 7.6.0 through 7.6.5, FortiProxy 7.4.0 through 7.4.13, FortiProxy 7.2 all versions may allow attacker to information disclosure via <insert attack vector here>

Affected Software

VendorProductVersion RangeStatus
FortinetFortiOS7.6.0 <= 7.6.2affected
FortinetFortiOS7.4.0 <= 7.4.8affected
FortinetFortiOS7.2.0 <= 7.2.13affected
FortinetFortiOS7.0.0 <= 7.0.19affected
FortinetFortiOS6.4.0 <= 6.4.16affected
FortinetFortiPAM1.7.0affected
FortinetFortiPAM1.6.0 <= 1.6.2affected
FortinetFortiPAM1.5.0 <= 1.5.1affected
FortinetFortiPAM1.4.0 <= 1.4.3affected
FortinetFortiPAM1.3.0 <= 1.3.1affected
FortinetFortiPAM1.2.0affected
FortinetFortiPAM1.1.0 <= 1.1.2affected
FortinetFortiPAM1.0.0 <= 1.0.3affected
FortinetFortiSwitchManager7.2.0 <= 7.2.7affected
FortinetFortiSwitchManager7.0.0 <= 7.0.6affected
FortinetFortiProxy7.6.0 <= 7.6.5affected
FortinetFortiProxy7.4.0 <= 7.4.13affected
FortinetFortiProxy7.2.0 <= 7.2.16affected
FortinetFortiProxy7.0.0 <= 7.0.23affected

Weaknesses

  • CWE-126: Information disclosure

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References