CVE-2026-59839

EUVD-2026-43717
A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiOS 7.6.0 through 7.6.6, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.8.0, FortiPAM 1.7.0 through 1.7.2, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.6.0 through 7.6.5, FortiProxy 7.4 through 7.4.13, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions may allow attacker to execute unauthorized code or commands via <insert attack vector here>
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
fortinetCNA
5.5 MEDIUM
PHYSICAL
LOW
HIGH
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
fortinetfortiproxy
7.6.0 ≤
𝑥
≤ 7.6.5
CNA
fortinetfortiproxy
7.4.0 ≤
𝑥
≤ 7.4.13
CNA
fortinetfortiproxy
7.2.0 ≤
𝑥
≤ 7.2.16
CNA
fortinetfortiproxy
7.0.0 ≤
𝑥
≤ 7.0.23
CNA
fortinetfortiproxy
7.6.0 ≤
𝑥
≤ 7.6.6
CNA
fortinetfortiproxy
7.4.0 ≤
𝑥
≤ 7.4.9
CNA
fortinetfortiproxy
7.2.0 ≤
𝑥
≤ 7.2.13
CNA
fortinetfortiproxy
7.0.0 ≤
𝑥
≤ 7.0.19
CNA
fortinetfortiproxy
6.4.0 ≤
𝑥
≤ 6.4.16
CNA
fortinetfortiproxy
1.8.0
CNA
fortinetfortiproxy
1.7.0 ≤
𝑥
≤ 1.7.2
CNA
fortinetfortiproxy
1.6.0 ≤
𝑥
≤ 1.6.2
CNA
fortinetfortiproxy
1.5.0 ≤
𝑥
≤ 1.5.1
CNA
fortinetfortiproxy
1.4.0 ≤
𝑥
≤ 1.4.3
CNA
fortinetfortiproxy
1.3.0 ≤
𝑥
≤ 1.3.1
CNA
fortinetfortiproxy
1.2.0
CNA
fortinetfortiproxy
1.1.0 ≤
𝑥
≤ 1.1.2
CNA
fortinetfortiproxy
1.0.0 ≤
𝑥
≤ 1.0.3
CNA