Primary

Context

Fortinet FortiOS and FortiProxy Internal Asset Exposed to Unsafe Debug Access Level Vulnerability Allowing Lua Script Execution

Vulnerability

Patched

A vulnerability allowing execution of Lua scripts via crafted CLI commands has been identified in Fortinet FortiOS and FortiProxy. This issue affects multiple versions across FortiOS 7.6, 7.4, 7.2, 7.0, FortiOS 6.4, and various FortiProxy 7.0 versions. The vulnerability arises from an internal asset being exposed to an unsafe debug access level, which may allow an authenticated admin to exploit the CLI.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of code or commands on the affected system.

Remediation

Users are advised to upgrade Fortinet FortiOS or FortiProxy to the latest versions. Specific upgrade recommendations include FortiOS 7.6.3, 7.4.8, 7.2.11, FortiProxy 7.6.4, 7.4.11, and 7.2.15. Follow the recommended upgrade path using the Fortinet upgrade tool.

Added: Jun 9, 2026, 4:44 PM

Updated: Jun 9, 2026, 4:44 PM

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

7.5

exploitability

3.0

remediation

7.7

relevance

9.6

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

7.5

exploitability

3.0

remediation

7.7

relevance

9.6

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Fortinet FortiOS and FortiProxy Internal Asset Exposed to Unsafe Debug Access Level Vulnerability Allowing Lua Script Execution

Vulnerability

Impact

Remediation

Affected Products

Fortinet FortiOS

Fortinet FortiProxy

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating