DoS due to unsafe function in signal handler
Monitor | CVSS 5.2 | FG-IR-26-137 | May 12, 2026
Fortinet
IT in OT - Fortinet products are commonly deployed at IT/OT network boundaries
Attack path
Attack Vector: Network
Auth Required: Low
Complexity: High
User Interaction: None needed
Summary
A denial of service vulnerability exists in FortiAnalyzer and FortiManager due to unsafe use of a function in the signal handler. An authenticated attacker can trigger a crash or hang of the management service, rendering the platform unresponsive. Multiple versions are affected: 7.6.0–7.6.4, 7.4.0–7.4.8, and all versions of the 7.2, 7.0, and 6.4 lines. Patches are available for the 7.6.x and 7.4.x versions; older version lines require migration to a fixed release.
What this means
What could happen
An authenticated attacker could trigger a denial of service condition on FortiAnalyzer or FortiManager, causing the management platform to become unresponsive and disrupting your ability to manage and monitor network devices or security policies.
Who's at risk
Network and security operations teams who use FortiAnalyzer or FortiManager for centralized logging, monitoring, and device management. Any organization relying on these platforms to manage Fortinet devices or aggregate security events should apply patches promptly, as loss of the management platform disrupts operational visibility.
How it could be exploited
An attacker with valid credentials could send a specially crafted request that causes the management service's signal handler to run. Because the handler calls a function that is not safe to use from a signal handler, the management service crashes or hangs, and the platform cannot respond to management requests until it is manually restarted.
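The defect class the advisory describes (a signal handler that calls a function which is not async-signal-safe) is a generic C programming hazard, so the following added example illustrates it in isolation. This is illustration code written for this page, not Fortinet's code, and it does not reproduce the FortiAnalyzer/FortiManager defect; the function names unsafe_handler, safe_handler and run_safe_demo are hypothetical. It shows the anti-pattern (allocator and stdio calls inside the handler, which can deadlock on an internal lock or corrupt allocator state when the signal interrupts the main thread at the wrong moment) next to the pattern a defender would expect in reviewed code: the handler only sets a volatile sig_atomic_t flag and uses write(2), and the real work happens in normal control flow after the flag is checked.

```c
#define _POSIX_C_SOURCE 200809L
/* Added example, not vendor code: contrasting an unsafe and a safe signal handler. */
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Set by the safe handler; sig_atomic_t guarantees the read/write is atomic. */
static volatile sig_atomic_t got_signal = 0;

/*
 * ANTI-PATTERN (defined for contrast only, never installed here):
 * malloc()/free() and printf() take internal locks and touch global state.
 * If the signal arrives while the interrupted thread already holds one of
 * those locks, the handler blocks forever (hang) or corrupts allocator
 * state (crash). Neither call is on the POSIX async-signal-safe list.
 */
static void unsafe_handler(int signo) {
    char *buf = malloc(64);                    /* not async-signal-safe */
    if (buf) {
        snprintf(buf, 64, "signal %d\n", signo);
        printf("%s", buf);                     /* not async-signal-safe */
        free(buf);
    }
}

/* SAFE pattern: set a flag and, at most, call write(2), which is async-signal-safe. */
static void safe_handler(int signo) {
    (void)signo;
    got_signal = 1;
    static const char msg[] = "signal received\n";
    ssize_t n = write(STDERR_FILENO, msg, sizeof msg - 1);
    (void)n;                                   /* nothing sensible to do on error here */
}

/*
 * Installs safe_handler for SIGUSR1, raises the signal, and does the heavy
 * work (allocation, formatting) only after returning to normal control flow.
 * Returns 1 if the flag was observed, 0 if not, -1 on setup/allocation error.
 */
int run_safe_demo(void) {
    (void)unsafe_handler;                      /* referenced so the contrast compiles cleanly */

    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = safe_handler;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_RESTART;
    if (sigaction(SIGUSR1, &sa, NULL) != 0)
        return -1;

    got_signal = 0;
    raise(SIGUSR1);                            /* handler runs synchronously for raise() */

    if (!got_signal)
        return 0;

    /* Deferred work: allocator and stdio are fine here, outside the handler. */
    char *report = malloc(32);
    if (!report)
        return -1;
    snprintf(report, 32, "handled signal, flag=%d", (int)got_signal);
    free(report);
    return 1;
}

int main(void) {
    printf("run_safe_demo() -> %d\n", run_safe_demo());  /* prints 1 on success */
    return 0;
}
```

When reviewing a daemon for this class of bug, the check is mechanical: list every function reachable from each handler installed with signal() or sigaction() and compare it against the async-signal-safe list in POSIX (signal-safety(7) on Linux); anything else, including logging and memory management, must be moved out of the handler behind a flag or a self-pipe.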
Prerequisites
- Valid authentication credentials for FortiAnalyzer or FortiManager
- Network access to the management platform's administrative interface
Requires authentication · Medium complexity · Can cause service unavailability · Affects management/visibility infrastructure
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (10)
10 with fix
Product          Affected Versions    Fix Status
FortiAnalyzer    7.6.0 - 7.6.4        7.6.5+
FortiAnalyzer    7.4.0 - 7.4.8        7.4.9+
FortiAnalyzer    7.2 all versions     Migrate to fixed release
FortiAnalyzer    7.0 all versions     Migrate to fixed release
FortiAnalyzer    6.4 all versions     Migrate to fixed release
FortiManager     7.6.0 - 7.6.4        7.6.5+
FortiManager     7.4.0 - 7.4.8        7.4.9+
FortiManager     7.2 all versions     Migrate to fixed release
Remediation & Mitigation
Do now
FortiAnalyzer
- HARDENING: Restrict administrative access to FortiAnalyzer and FortiManager to authorized personnel and trusted IP addresses using firewall rules or access control lists
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
FortiAnalyzer
- HOTFIX: Update FortiAnalyzer 7.6.x to version 7.6.5 or later
- HOTFIX: Update FortiAnalyzer 7.4.x to version 7.4.9 or later
- HOTFIX: Migrate FortiAnalyzer 7.2 and 7.0 systems to a supported fixed release (7.4.9+ or 7.6.5+)
FortiManager
- HOTFIX: Update FortiManager 7.6.x to version 7.6.5 or later
- HOTFIX: Update FortiManager 7.4.x to version 7.4.9 or later
- HOTFIX: Migrate FortiManager 7.2 and 7.0 systems to a supported fixed release (7.4.9+ or 7.6.5+)
CVEs (1)