Security News

Cybersecurity news aggregator

HIGH Vulnerabilities Fortinet PSIRT

Local privilege escalation via improper symlink following

A local privilege escalation vulnerability (CVE-2026-24018, CVSSv3 7.4) in FortiClientLinux involves improper symlink following (CWE-61), allowing an unprivileged local user to gain root privileges. Affected versions are FortiClientLinux 7.4.0 through 7.4.4 and 7.2.2 through 7.2.12. The fixed versions are FortiClientLinux 7.4.5 or above and 7.2.13 or above.

PSIRT: Local privilege escalation via improper symlink following

Summary

A UNIX symbolic link (Symlink) Following vulnerability [CWE-61] in FortiClientLinux may allow a local and unprivileged user to escalate their privileges to root.

Version               Affected               Solution
FortiClientLinux 8.0  Not affected           Not Applicable
FortiClientLinux 7.4  7.4.0 through 7.4.4    Upgrade to 7.4.5 or above
FortiClientLinux 7.2  7.2.2 through 7.2.12   Upgrade to 7.2.13 or above

Acknowledgement

Fortinet is pleased to thank Febin Mon Saji from Astra Security working with Trend Zero Day Initiative for reporting this vulnerability under responsible disclosure.

Timeline

2026-03-10: Initial publication

IR Number: FG-IR-26-083
Published Date: Mar 10, 2026
Component: CLI
Severity: High
CVSSv3 Score: 7.4
Impact: Escalation of privilege
CVE ID: CVE-2026-24018
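To triage a fleet against the version table in this advisory, the following added example (not part of the Fortinet advisory or any Fortinet tooling) classifies FortiClientLinux version strings. The host names, the build-number suffix format and the helper names are assumptions, and versions outside the ranges the advisory states are reported as "not listed" rather than assumed safe.

```python
import re

# Affected ranges and fixed releases exactly as stated in FG-IR-26-083.
AFFECTED = {
    (7, 4): ((7, 4, 0), (7, 4, 4), "7.4.5"),
    (7, 2): ((7, 2, 2), (7, 2, 12), "7.2.13"),
}
NOT_AFFECTED_BRANCHES = {(8, 0)}

def parse_version(text):
    """Return (major, minor, patch) from '7.4.3' or '7.4.3.1736' (build suffix is an assumed format)."""
    m = re.match(r"^\s*v?(\d+)\.(\d+)\.(\d+)(?:[.\-+].*)?\s*$", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) for g in m.groups())

def triage(version_text):
    """Classify one installed version against the advisory's table."""
    ver = parse_version(version_text)
    branch = ver[:2]
    if branch in NOT_AFFECTED_BRANCHES:
        return "not affected"
    if branch in AFFECTED:
        low, high, fixed = AFFECTED[branch]
        if low <= ver <= high:
            return f"affected: upgrade to {fixed} or above"
        if ver > high:
            return "fixed"
    # Below a stated range (e.g. 7.2.1) or a branch the advisory does not mention.
    return "not listed"

# Constructed sample inventory (host names and builds are made up).
SAMPLE_INVENTORY = {
    "ws-01": "7.4.3.1736",
    "ws-02": "7.4.5",
    "ws-03": "7.2.12",
    "ws-04": "7.2.1",
    "ws-05": "8.0.0",
    "ws-06": "7.0.11",
}

def report(inventory):
    """Map each host to its triage status, sorted by host name."""
    return {host: triage(v) for host, v in sorted(inventory.items())}

if __name__ == "__main__":
    for host, status in report(SAMPLE_INVENTORY).items():
        print(f"{host}\t{status}")
```

Hosts reported as "not listed" need a manual check against the vendor advisory, since the table makes no statement about them.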
