Fortinet Products Path Traversal Vulnerability Allowing File Deletion via CLI

Vulnerability

A path traversal vulnerability has been identified in multiple Fortinet products, including FortiAnalyzer, FortiAnalyzer Cloud, FortiManager, and FortiManager Cloud. This vulnerability allows a privileged attacker to delete files from the underlying filesystem by sending crafted CLI requests. The issue arises from an improper restriction of pathnames, enabling unauthorized file deletion.

Impact

Exploitation of this vulnerability could lead to unauthorized file deletion from the system's filesystem.

Remediation

Users can upgrade FortiAnalyzer to version 7.6.5 or 7.4.8, depending on their current version. FortiManager users should upgrade to the same respective versions. FortiAnalyzer Cloud and FortiManager Cloud users can also upgrade to the latest versions. For those on FortiAnalyzer or FortiManager 7.2 or 7.0, migration to a fixed release is recommended.
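
The remediation guidance above, applied as a triage check over an appliance inventory (an added example, not code from Fortinet or from this page). It assumes that within the 7.6 and 7.4 branches any release below the named version needs the upgrade, which the page does not state explicitly; the hostnames and versions in the sample inventory are constructed.

```python
import re

# Fixed releases per branch, taken from the remediation text above.
FIXED = {(7, 6): (7, 6, 5), (7, 4): (7, 4, 8)}
# Branches the advisory says to migrate off rather than patch in place.
MIGRATE = {(7, 2), (7, 0)}
ON_PREM = {"fortianalyzer", "fortimanager"}
CLOUD = {"fortianalyzer cloud", "fortimanager cloud"}

def parse_version(text):
    """Return (major, minor, patch) from strings like 'v7.4.6-build2588'."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def triage(product, version):
    """Map one inventory entry to the action the remediation text calls for."""
    name = product.strip().lower()
    if name in CLOUD:
        return "upgrade to latest cloud release"
    if name not in ON_PREM:
        return "not covered by this advisory"
    ver = parse_version(version)
    if ver[:2] in MIGRATE:
        return "migrate to a fixed release"
    fixed = FIXED.get(ver[:2])
    if fixed is None:
        return "branch not listed; check vendor advisory"
    # Assumption: anything below the fixed release in its branch needs the upgrade.
    if ver < fixed:
        return "upgrade to " + ".".join(map(str, fixed))
    return "at or above fixed release"

# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = [
    ("faz-01", "FortiAnalyzer", "v7.6.2-build3344"),
    ("faz-02", "FortiAnalyzer", "7.4.8"),
    ("fmg-01", "FortiManager", "7.2.11"),
    ("fmg-02", "FortiManager Cloud", "7.4.1"),
]

def report(inventory):
    return {host: triage(product, ver) for host, product, ver in inventory}

if __name__ == "__main__":
    for host, action in report(INVENTORY).items():
        print(f"{host:8} {action}")
```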

Added: Apr 14, 2026, 5:47 PM
Updated: Apr 14, 2026, 5:47 PM

Vulnerability Rating

Custom Algorithm

spread: 5.0
impact: 2.5
exploitability: 3.4
remediation: 7.7
relevance: 5.9
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.