Fortinet FortiAnalyzer and FortiManager Use of Dangerous Function Vulnerability Leading to Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in Fortinet FortiAnalyzer and FortiManager, affecting multiple versions across several release branches. The root cause is the use of a potentially dangerous function in the API. An authenticated attacker who sends multiple specially crafted HTTP requests can cause the system to hang and crash. The hang only occurs when internal locks happen to align, a timing condition the attacker cannot control directly, so exploitation is non-deterministic and may require repeated attempts; the attacker can, however, keep sending requests until the condition is met.

Impact

Successful exploitation causes the appliance to hang and crash, disrupting normal operations (log collection and analysis on FortiAnalyzer, centralized device management on FortiManager). Confidentiality and integrity are not affected; the impact is limited to availability.

Remediation

FortiAnalyzer users should upgrade to the fixed release for their branch: 7.6.5 for the 7.6 branch or 7.4.9 for the 7.4 branch. FortiManager users should upgrade to the same respective versions. No fix is listed for FortiAnalyzer and FortiManager 7.2; users on that branch should migrate to a fixed release. Because exploitation requires an authenticated account, limiting the number of administrator accounts and restricting access to the management interface to trusted networks reduces exposure until the upgrade is applied.

Added: May 12, 2026, 6:44 PM
Updated: May 12, 2026, 6:44 PM

Vulnerability Rating

Custom Algorithm

spread          5.0
impact          2.5
exploitability  4.8
remediation     7.7
relevance       8.1
threat          0.0
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these eight key vulnerability categories, which are then combined to calculate the overall risk score.