Fortinet FortiPortal Improper Access Control Vulnerability in API Endpoints

Vulnerability

An improper access control vulnerability has been identified in Fortinet FortiPortal versions 7.4.0 through 7.4.7, 7.2.0 through 7.2.8, and all versions of 7.0. It may allow a remote privileged attacker with an organization user role to access sensitive network configuration data by sending crafted HTTP requests to certain API endpoints.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive network configuration data.

Remediation

Users of Fortinet FortiPortal 7.4 should upgrade to version 7.4.8 or above. Users of Fortinet FortiPortal 7.2 should upgrade to version 7.2.9 or above. Users of Fortinet FortiPortal 7.0 should migrate to a fixed release.
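
To triage an asset inventory against the ranges and remediation targets listed above, the following added example (not Fortinet code, and not part of the original advisory) classifies FortiPortal version strings. The function names, status labels, and sample hostnames are assumptions made for illustration; branches the advisory does not mention are reported as not listed rather than assumed safe.

```python
import re

# Affected ranges exactly as stated in the advisory text:
# branch -> (first affected patch, last affected patch); None means "all versions".
AFFECTED = {
    (7, 4): (0, 7),
    (7, 2): (0, 8),
    (7, 0): (0, None),
}
# Remediation guidance from the advisory, per branch.
FIX = {
    (7, 4): "upgrade to 7.4.8 or above",
    (7, 2): "upgrade to 7.2.9 or above",
    (7, 0): "migrate to a fixed release",
}

def triage(version):
    """Return (status, action) for one FortiPortal version string."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        # Truncated or free-text versions are flagged, never guessed.
        return ("unparsed", "check version manually")
    major, minor, patch = map(int, m.groups())
    branch = (major, minor)
    if branch not in AFFECTED:
        # The advisory says nothing about this branch.
        return ("not-listed", "branch not covered by this advisory")
    low, high = AFFECTED[branch]
    if patch >= low and (high is None or patch <= high):
        return ("affected", FIX[branch])
    return ("fixed", "no action for this advisory")

def triage_inventory(inventory):
    """Map each host to its (status, action) tuple."""
    return {host: triage(ver) for host, ver in inventory.items()}

# Constructed sample inventory: hostnames and versions are made up.
SAMPLE = {
    "portal-a.example": "7.4.7",
    "portal-b.example": "7.4.8",
    "portal-c.example": "7.2.3",
    "portal-d.example": "7.0.12",
    "portal-e.example": "7.4",
}

if __name__ == "__main__":
    for host, (status, action) in triage_inventory(SAMPLE).items():
        print(f"{host:20} {status:10} {action}")
```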

Added: Jun 9, 2026, 4:30 PM
Updated: Jun 9, 2026, 4:30 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 2.5
exploitability: 4.9
remediation: 7.7
relevance: 9.4
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.