Primary

Context

Fortinet FortiDeceptor Argument Injection Vulnerability Allowing Arbitrary Log File Read

Vulnerability

Patched

A vulnerability allowing improper neutralization of argument delimiters in a command, known as argument injection, has been identified in Fortinet FortiDeceptor versions 6.0.0 to 6.0.2, 5.3.0 to 5.3.3, 5.2.0 to 5.2.1, 5.1 (all versions), and 5.0 (all versions). This vulnerability may enable an authenticated attacker with at least read-only admin permissions to read log files by sending HTTP requests that exploit this argument injection flaw.

Impact

Exploitation of this vulnerability leads to unauthorized access to log files, allowing for information disclosure.

Remediation

Users are advised to migrate to a fixed release. Fortinet has not specified which versions are fixed, but users can consult Fortinet's official channels for guidance on available updates.

Added: May 12, 2026, 6:39 PM

Updated: May 12, 2026, 6:39 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

0.6

exploitability

3.0

remediation

7.7

relevance

8.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

0.6

exploitability

3.0

remediation

7.7

relevance

8.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Fortinet FortiDeceptor Argument Injection Vulnerability Allowing Arbitrary Log File Read

Vulnerability

Impact

Remediation

Affected Products

Fortinet FortiDeceptor

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating