Missing Authentication for critical function in CAPWAP daemon

Monitor | CVSS 6.2 | FG-IR-26-125 | Apr 14, 2026
Fortinet
IT in OT - Fortinet products are commonly deployed at IT/OT network boundaries
Attack path
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Missing authentication in the CAPWAP (Control and Provisioning of Wireless Access Points) daemon on FortiGate devices allows an attacker on the local network to send unauthenticated commands to the daemon. This could permit unauthorized modification of firewall settings or disabling of security features without any credentials. The vulnerability affects FortiOS 7.6.0 through 7.6.3, 7.4.0 through 7.4.8, 7.2.0 through 7.2.11, and earlier releases (see Affected products below).

What this means
What could happen
An attacker on the local network (AV:A) could send commands to the CAPWAP daemon without authentication, allowing them to modify firewall settings or disable security features on your FortiGate appliance.
Who's at risk
This affects Fortinet FortiGate firewalls running vulnerable FortiOS versions. FortiGate appliances are commonly deployed as perimeter firewalls in utilities, water authorities, and industrial networks to protect critical infrastructure systems. Any organization using FortiGate devices should prioritize patching.
How it could be exploited
An attacker connected to the same network segment as the FortiGate sends unauthenticated CAPWAP protocol messages directly to the daemon. The daemon processes these commands without verifying the sender's identity, allowing configuration changes or feature disablement.
Prerequisites
  • Network access to the FortiGate device on the same local network segment (AV:A)
  • Ability to send CAPWAP protocol packets to the device
  • No credentials required
Tags: remotely exploitable, no authentication required, low complexity, affects firewall configuration, local network access required (AV:A)
Exploitability
Unlikely to be exploited: EPSS score 0.0%. EPSS is recomputed daily, so treat a score this soon after publication as provisional rather than as evidence that the flaw cannot be weaponised.
Affected products (3)
3 with fix
Product | Affected Versions | Fix Status
FortiOS | 7.6.0 - 7.6.3 | 7.6.4+
FortiOS | 7.4.0 - 7.4.8 | 7.4.9+
FortiOS | 7.2.0 - 7.2.11 and 3 more | 7.2.12+
Remediation & Mitigation
Do now
Hardening: Restrict network access to the FortiGate management interface and the CAPWAP ports (UDP 5246 control and UDP 5247 data) to trusted administrative and access-point networks only, using upstream firewall ACLs, FortiGate local-in policies, or switch port security. This limits who can reach the daemon but does not fix the missing check; patching is still required.
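The hardening step above expressed as FortiGate CLI configuration. This is an added example, not configuration from the OTPulse page or from Fortinet's advisory; the address object name "capwap-trusted", the service name "CAPWAP-UDP" and the trusted subnet 10.10.20.0/24 are placeholders to be replaced with your own values. Local-in policies govern traffic addressed to the FortiGate itself and are matched top-down, so the accept rule for the trusted subnet must come before the deny rule; if this unit is a wireless controller, the trusted address object must also cover every FortiAP subnet or the APs will lose their controller.

```fortios
# Added example, not from the advisory. Object names and the subnet are
# placeholders; adjust them for your environment.

# 1. Address object for the only networks allowed to reach the CAPWAP
#    daemon: management hosts plus any FortiAP subnets this unit manages.
config firewall address
    edit "capwap-trusted"
        set subnet 10.10.20.0 255.255.255.0
    next
end

# 2. Custom service covering both CAPWAP ports: 5246 control, 5247 data.
config firewall service custom
    edit "CAPWAP-UDP"
        set udp-portrange 5246-5247
    next
end

# 3. Local-in policies are evaluated in order against traffic destined to
#    the FortiGate itself. Accept from the trusted object, then deny the
#    rest on every interface. Without the explicit deny, unmatched CAPWAP
#    traffic falls through to the device's normal handling.
config firewall local-in-policy
    edit 1
        set intf "any"
        set srcaddr "capwap-trusted"
        set dstaddr "all"
        set service "CAPWAP-UDP"
        set schedule "always"
        set action accept
    next
    edit 2
        set intf "any"
        set srcaddr "all"
        set dstaddr "all"
        set service "CAPWAP-UDP"
        set schedule "always"
        set action deny
    next
end

# Verify the policy set, then confirm the running build against the
# fixed versions in the table above (7.6.4, 7.4.9, 7.2.12).
show firewall local-in-policy
get system status
```

Use "set intf" with a specific interface name instead of "any" if only one segment should ever carry CAPWAP; and re-check "show firewall local-in-policy" after the upgrade, since the restriction is still worth keeping on a patched device.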
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

FortiOS
Hotfix: Update FortiOS to version 7.6.4 or later (7.6.x branch)
Hotfix: Update FortiOS to version 7.4.9 or later (7.4.x branch)
Hotfix: Update FortiOS to version 7.2.12 or later (7.2.x branch)
API: /api/v1/advisories/d3e074aa-a16f-4397-8a3c-f97c15b6771b


Missing Authentication for critical function in CAPWAP daemon | CVSS 6.2 - OTPulse