Path Traversal in CLI
Status: Monitor · CVSS 5.4 · FG-IR-26-122 · Apr 14, 2026
Fortinet
IT in OT - Fortinet products are commonly deployed at IT/OT network boundaries
Attack path
Attack Vector: Local
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary
Path traversal vulnerability in the CLI of FortiOS, FortiPAM, FortiProxy, and FortiSwitchManager allows an authenticated administrator to write or delete arbitrary files on the affected appliance. This can result in system corruption, disabling of security functions, or unauthorized modification of network policies and configurations.
What this means
What could happen
An attacker with administrative access to the CLI can write or delete arbitrary files on affected Fortinet devices, potentially corrupting the system, disabling network protections, or extracting sensitive configuration data.
Who's at risk
This affects network administrators and operators responsible for Fortinet firewalls, proxy servers, PAM (Privileged Access Management) appliances, and network switches. Any organization relying on FortiOS, FortiProxy, FortiPAM, or FortiSwitchManager for network perimeter security, access control, or switch management should check which versions it is running and apply updates. This is especially critical for environments where Fortinet appliances protect water or electric utility SCADA and IT networks.
How it could be exploited
An attacker with administrative credentials accesses the command-line interface (CLI) and uses path traversal in CLI commands to write or delete files outside intended directories. This could allow modification of system binaries, configuration files, or security policies on the Fortinet appliance.
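The mechanism above is a file-path argument that is joined onto an intended directory without being confined to it. The following is an added illustration, not Fortinet code, of the class of check a file-writing or file-deleting command needs: the naive version joins the argument blindly, the hardened version resolves the path and requires the result to stay inside the allowed base (the `/data/cfg` base and file names are constructed sample values).

```python
"""Confining a file argument to an allowed directory (added illustration)."""
from pathlib import Path


def unsafe_target(base: str, name: str) -> str:
    """Vulnerable form: joins the argument onto the base with no confinement.

    A name such as '../../etc/passwd' escapes the base directory, which is
    the bug class the advisory describes for file-writing CLI commands.
    """
    return str(Path(base) / name)


def safe_target(base: str, name: str) -> Path:
    """Hardened form: resolve symlinks and '..' first, then require the result
    to lie inside the base directory.

    The containment test is component-wise (relative_to), not a string-prefix
    test, so '/data/cfg-evil/x' is rejected for base '/data/cfg'. An absolute
    argument replaces the base when joined and is therefore rejected as well.
    """
    base_dir = Path(base).resolve()
    candidate = (base_dir / name).resolve()
    try:
        candidate.relative_to(base_dir)
    except ValueError:
        raise PermissionError(f"path escapes {base_dir}: {name!r}")
    if candidate == base_dir:
        raise PermissionError("target must be a file inside the base directory")
    return candidate


def is_confined(base: str, name: str) -> bool:
    """True when safe_target accepts the argument, False when it rejects it."""
    try:
        safe_target(base, name)
        return True
    except PermissionError:
        return False
```

The same check applies to delete operations, since the advisory covers both writing and deleting files.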
Prerequisites
- Administrative credentials for CLI access
- Local or remote CLI access to the Fortinet appliance
Requires administrative credentials · Low attack complexity · Can corrupt system files and configuration · Affects access control and security appliances
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (14)
14 with fix
| Product | Affected Versions | Fix Status |
|---|---|---|
| FortiOS | 7.6.0 - 7.6.4 | 7.6.5+ |
| FortiOS | 7.4.0 - 7.4.9 | 7.4.10+ |
| FortiOS | 7.2 all versions | Migrate to fixed release |
| FortiOS | 7.0 all versions | Migrate to fixed release |
| FortiOS | 6.4 all versions | Migrate to fixed release |
| FortiPAM | 1.7.0 | 1.7.1+ |
| FortiPAM | 1.6 all versions | Migrate to fixed release |
| FortiPAM | 1.5 all versions (and 5 more) | Migrate to fixed release |
Remediation & Mitigation
Do now
- HARDENING: Restrict CLI access to the Fortinet device to authorized administrative hosts only, via firewall rules or network segmentation
Schedule — requires maintenance window
Patching may require a device reboot; plan for process interruption.
FortiOS
- HOTFIX: Update FortiOS 7.6.0–7.6.4 to version 7.6.5 or later
- HOTFIX: Update FortiOS 7.4.0–7.4.9 to version 7.4.10 or later
- HOTFIX: Migrate FortiOS 7.2 and 7.0 to a fixed release (7.4.10+ or 7.6.5+)
- HOTFIX: Migrate FortiOS 6.4 to a supported fixed release
FortiPAM
- HOTFIX: Update FortiPAM 1.7.0 to version 1.7.1 or later
- HOTFIX: Migrate FortiPAM 1.6 and earlier versions to 1.7.1 or later
FortiProxy
- HOTFIX: Update FortiProxy 7.6.0–7.6.4 to version 7.6.5 or later
- HOTFIX: Update FortiProxy 7.4.0–7.4.11 to version 7.4.12 or later
- HOTFIX: Migrate FortiProxy 7.2 and 7.0 to a fixed release (7.4.12+ or 7.6.5+)
FortiSwitchManager
- HOTFIX: Update FortiSwitchManager 7.2.0–7.2.7 to version 7.2.8 or later
- HOTFIX: Update FortiSwitchManager 7.0.0–7.0.6 to version 7.0.7 or later
CVEs (1)