Security News

Cybersecurity news aggregator

HIGH Vulnerabilities Fortinet PSIRT

Buffer Overflow in LLDP OUI field

A classic buffer overflow vulnerability (CVE-2026-22627, CVSSv3 7.7) in FortiSwitchAXFixed allows unauthenticated attackers on the same network to execute arbitrary code via a specially crafted LLDP packet. The vulnerability affects FortiSwitchAXFixed versions 1.0.0 through 1.0.1. Fortinet has resolved the issue in version 1.0.2.

Summary
A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability [CWE-120] in FortiSwitchAXFixed may allow an unauthenticated attacker within the same adjacent network to execute unauthorized code or commands on the device via sending a crafted LLDP packet.

Version | Affected | Solution
FortiSwitchAXFixed 1.0 | 1.0.0 through 1.0.1 | Upgrade to 1.0.2 or above

Acknowledgement
Internally discovered and reported by Yonghui Han of Fortinet Product Security team.

Timeline
2026-03-10: Initial publication

IR Number: FG-IR-26-086
Published Date: Mar 10, 2026
Component: OTHERS
Severity: High
CVSSv3 Score: 7.7
Impact: Execute unauthorized code or commands
CVE ID: CVE-2026-22627
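The advisory does not publish the affected code. As an added example (not Fortinet's code), this sketch shows the size checks that CWE-120 describes as missing, applied to an LLDP organizationally specific TLV (type 127 in IEEE 802.1AB: 3-byte OUI, 1-byte subtype, info string). The `org_tlv` record, the 32-byte `ORG_INFO_MAX` limit, the function name and the sample bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define LLDP_TLV_ORG_SPECIFIC 127 /* IEEE 802.1AB organizationally specific TLV */
#define ORG_INFO_MAX 32           /* assumed storage limit of this example */

struct org_tlv {                  /* hypothetical destination record */
    uint8_t oui[3];
    uint8_t subtype;
    uint8_t info[ORG_INFO_MAX];
    size_t  info_len;
};

/* Parse the TLV at buf[0..len). Returns the TLV size (header + value) when an
 * org-specific TLV was copied into *out, 0 for any other TLV type, and -1
 * when the TLV is truncated, too short, or larger than the destination. */
long parse_org_tlv(const uint8_t *buf, size_t len, struct org_tlv *out)
{
    if (len < 2)
        return -1;                               /* no room for the header */
    unsigned type = buf[0] >> 1;                 /* upper 7 bits: type */
    size_t vlen = ((size_t)(buf[0] & 1) << 8) | buf[1]; /* lower 9 bits: length */
    if (vlen > len - 2)
        return -1;                               /* length field runs past the frame */
    if (type != LLDP_TLV_ORG_SPECIFIC)
        return 0;
    if (vlen < 4)
        return -1;                               /* must hold OUI (3) + subtype (1) */
    size_t info_len = vlen - 4;
    if (info_len > sizeof out->info)
        return -1;                               /* would overflow out->info */
    memcpy(out->oui, buf + 2, 3);
    out->subtype = buf[5];
    memcpy(out->info, buf + 6, info_len);
    out->info_len = info_len;
    return (long)(2 + vlen);
}

/* Constructed sample TLVs (not captured traffic). */
const uint8_t sample_ok[] = {0xFE, 0x06, 0x00, 0x80, 0xC2, 0x01, 0xAA, 0xBB};
const uint8_t sample_truncated[] = {0xFE, 0x40, 0x00, 0x80, 0xC2, 0x01};
const uint8_t sample_oversized[2 + 37] = {0xFE, 0x25, 0x00, 0x80, 0xC2, 0x01};
const uint8_t sample_other[2 + 7] = {0x02, 0x07, 0x04};

int main(void)
{
    struct org_tlv t;
    return parse_org_tlv(sample_ok, sizeof sample_ok, &t) == 8 ? 0 : 1;
}
```

The length carried in the packet is checked twice: once against the bytes actually received and once against the destination buffer, before any copy happens.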
