VDB

GCVE-110-NCSC-2026-120

GCVE-110-NCSC-2026-120
Advisory PublishedCVSS 8.1/10
Vulnetix · Advisory published April 15, 2026
A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer Cloud and FortiManager Cloud versions 7.6.2 to 7.6.4 may allow remote unauthenticated attackers to execute arbitrary code via crafted requests, though exploitation requires significant preparation due to ASLR and network segmentation.

Weaknesses (CWE)

CWE-122Heap-based Buffer OverflowCWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')CWE-89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Risk Scores

CVSS 3.1
8.1/10
High · CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
Fortinetvers:unknown/*

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory

Browse GCVE Records

72,580 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›