Heap-based buffer overflow in oftpd daemon

Action: Plan Patch | CVSS 7.3 | FG-IR-26-121 | Apr 14, 2026
Vendor: Fortinet
IT in OT - Fortinet products are commonly deployed at IT/OT network boundaries
Attack path
  Attack Vector: Network
  Auth Required: None
  Complexity: High
  User Interaction: None needed
Summary

A heap-based buffer overflow vulnerability exists in the oftpd daemon on FortiAnalyzer Cloud and FortiManager Cloud versions 7.6.2 through 7.6.4. The vulnerability can be triggered remotely without authentication and may allow an attacker to execute arbitrary code with daemon-level privileges, potentially compromising centralized logging and management functions across managed devices.

What this means
What could happen
A heap-based buffer overflow in the oftpd daemon could allow an attacker to execute arbitrary code on FortiAnalyzer or FortiManager Cloud systems, potentially compromising log data, security policies, and administrative controls across your network.
Who's at risk
Security and network teams using FortiAnalyzer Cloud or FortiManager Cloud (versions 7.6.2 through 7.6.4) for centralized logging, security policy management, and device administration. The systems affected are typically deployed as central management and monitoring platforms for enterprise firewalls and security appliances.
How it could be exploited
An attacker with network access to the oftpd daemon (typically port 22 or internal management ports) could send a specially crafted packet to trigger the buffer overflow, allowing code execution with the privileges of the daemon process.
Prerequisites
  • Network access to the oftpd daemon port on FortiAnalyzer or FortiManager Cloud
  • No authentication required to trigger the vulnerability
Tags: remotely exploitable, no authentication required, high CVSS score (7.3)
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (2), 2 with fix

Product               Affected Versions   Fix Status
FortiAnalyzer Cloud   7.6.2 - 7.6.4       7.6.5+
FortiManager Cloud    7.6.2 - 7.6.4       7.6.5+
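As an added example (not part of the OTPulse page and not Fortinet's tooling), the following Python checker parses Fortinet-style version strings and evaluates an asset inventory against the affected and fixed ranges stated in the table above. The inventory rows, hostnames and version strings are constructed for illustration; the product names and version boundaries are the ones this advisory gives.

```python
"""Triage an asset inventory against the affected-version ranges in this advisory.

Added example, not code from the advisory page or from Fortinet. Only the
product names and version boundaries below come from the advisory; the
inventory rows are constructed sample data.
"""
import re

# Affected/fixed ranges as stated in the advisory (FG-IR-26-121).
ADVISORY = {
    "FortiAnalyzer Cloud": {"affected": ("7.6.2", "7.6.4"), "fixed": "7.6.5"},
    "FortiManager Cloud":  {"affected": ("7.6.2", "7.6.4"), "fixed": "7.6.5"},
}

# Accepts "7.6.3", "v7.6.3" and "7.6.3 build2105"; trailing build info is ignored.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) as an int tuple so versions compare numerically."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def assess(product, version):
    """Classify one asset: 'affected', 'fixed', 'not-affected' or 'unknown-product'."""
    entry = ADVISORY.get(product)
    if entry is None:
        return "unknown-product"          # product not named in this advisory
    v = parse_version(version)
    lo, hi = (parse_version(x) for x in entry["affected"])
    if lo <= v <= hi:
        return "affected"
    if v >= parse_version(entry["fixed"]):
        return "fixed"
    return "not-affected"                 # below the range the advisory names


# Constructed sample inventory: (hostname, product, reported version).
INVENTORY = [
    ("faz-cloud-01", "FortiAnalyzer Cloud", "7.6.3"),
    ("fmg-cloud-01", "FortiManager Cloud", "v7.6.5 build2105"),
    ("fmg-cloud-02", "FortiManager Cloud", "7.6.2"),
    ("fgt-edge-01",  "FortiGate",          "7.4.3"),
]


def triage(inventory):
    """Return (host, product, version, required_version) for every affected asset."""
    rows = []
    for host, product, version in inventory:
        if assess(product, version) == "affected":
            rows.append((host, product, version, ADVISORY[product]["fixed"]))
    return rows


if __name__ == "__main__":
    for host, product, version, fixed in triage(INVENTORY):
        print(f"{host}: {product} {version} is affected; update to {fixed} or later")
```

Run it against an export of your real inventory by replacing `INVENTORY`; hosts classified as `affected` are the ones to schedule for the 7.6.5+ update, and the network-restriction workaround applies to them until then.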
Remediation & Mitigation

Do now
  • FortiManager Cloud (WORKAROUND): Restrict network access to management ports on FortiAnalyzer and FortiManager Cloud to only authorized administrative subnets or IP addresses

Schedule (requires maintenance window)

Patching may require a device reboot; plan for process interruption.

  • FortiAnalyzer Cloud (HOTFIX): Update FortiAnalyzer Cloud to version 7.6.5 or later
  • FortiManager Cloud (HOTFIX): Update FortiManager Cloud to version 7.6.5 or later
API: /api/v1/advisories/5a8f411e-70c4-4eb5-848e-a8b93dd10187
