VDB

CVE-2026-24641

CVE-2026-24641 PUBLISHED CVSS 2.5 LOW

A NULL Pointer Dereference vulnerability [CWE-476] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an authenticated attacker to crash the HTTP daemon via crafted HTTP requests.

EPSS 0.14% · 33.3th percentile

Risk Scores

CVSS 3.1
2.5
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
EPSS Score
0.14%
33.3th percentile

Affected Products

VendorProductVersions
FortinetFortiWeb7.0.0, 8.0.0, 7.6.0
fortinetfortiweb8.0.0, 7.0.0, 8.0.0

Timeline

  • Mar 10, 2026 CVE Published
  • Mar 11, 2026 EPSS Score
  • Mar 12, 2026 EPSS Score
  • Mar 12, 2026 CVE Updated
  • Mar 13, 2026 EPSS Score
  • Mar 14, 2026 EPSS Score
  • Mar 15, 2026 EPSS Score
  • Mar 16, 2026 EPSS Score
  • Mar 17, 2026 EPSS Score
  • Mar 17, 2026 Security Advisory
  • Mar 17, 2026 Security Advisory
  • Mar 17, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›