- What: Stack buffer overflow vulnerability in FortiWeb API
- Impact: May allow authenticated attackers to execute arbitrary code
PSIRT: Stack buffer overflow in API

Summary

A Stack-based Buffer Overflow vulnerability [CWE-121] in FortiWeb may allow a remote authenticated attacker who can bypass stack protection and ASLR to execute arbitrary code or commands via crafted HTTP requests. Exploitation requires valid credentials and defeating both mitigations, which is why the severity is rated Medium despite the code-execution impact.

Affected products

| Version     | Affected              | Solution                    |
|-------------|-----------------------|-----------------------------|
| FortiWeb 8.0 | 8.0.0 through 8.0.3  | Upgrade to 8.0.4 or above   |
| FortiWeb 7.6 | 7.6.0 through 7.6.6  | Upgrade to 7.6.7 or above   |
| FortiWeb 7.4 | 7.4.0 through 7.4.11 | Upgrade to 7.4.12 or above  |
| FortiWeb 7.2 | 7.2 all versions     | Migrate to a fixed release  |
| FortiWeb 7.0 | 7.0 all versions     | Migrate to a fixed release  |

Acknowledgement

Internally discovered and reported by David Maciejak of the Fortinet Product Security team.

Timeline

2026-03-10: Initial publication

IR Number: FG-IR-26-093
Published Date: Mar 10, 2026
Component: API
Severity: Medium
CVSSv3 Score: 5.9
Impact: Execute unauthorized code or commands
CVE ID: CVE-2026-30897
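The affected-version table is the part of this advisory a practitioner actually acts on, so here is a small check that applies those ranges to a FortiWeb build string and says whether it is affected and what the advisory's remediation is. This is an added example, not Fortinet code; the only data it carries is copied from the table above. It assumes the build string contains a `major.minor.patch` triple somewhere (a bare `7.4.11`, or a longer status line that embeds one), which is an assumption about the input format rather than something the advisory states.

```python
"""Apply the FG-IR-26-093 affected-version table to a FortiWeb build string.

Added example, not Fortinet's code. The ranges below are transcribed from the
advisory table; the input format (a major.minor.patch triple embedded in the
string) is an assumption made here for illustration.
"""
import re
from typing import Optional, Tuple

# (major, minor) -> (last affected patch, fixed release).
# last affected patch = None means every build in that branch is affected and
# the advisory offers no fixed build in-branch ("Migrate to a fixed release").
ADVISORY_FG_IR_26_093 = {
    (8, 0): (3, "8.0.4"),
    (7, 6): (6, "7.6.7"),
    (7, 4): (11, "7.4.12"),
    (7, 2): (None, None),
    (7, 0): (None, None),
}

_TRIPLE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\b")


def parse_version(build: str) -> Tuple[int, int, int]:
    """Extract the first major.minor.patch triple from a build string.

    Accepts a bare "7.4.11" as well as a longer line that embeds one
    (assumed format, e.g. a status banner); raises if no triple is present.
    """
    m = _TRIPLE.search(build)
    if m is None:
        raise ValueError(f"no major.minor.patch version found in {build!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3))


def assess(build: str) -> Tuple[str, Optional[str]]:
    """Return (status, action) for a build against the advisory table.

    status is one of "affected", "fixed", or "not listed" (branch absent
    from the table, so the advisory makes no statement about it).
    action is the advisory's remediation text, or None where none applies.
    """
    major, minor, patch = parse_version(build)
    row = ADVISORY_FG_IR_26_093.get((major, minor))
    if row is None:
        return ("not listed", None)
    last_affected, fixed = row
    if last_affected is None:
        return ("affected", "migrate to a fixed release")
    if patch <= last_affected:
        return ("affected", f"upgrade to {fixed} or above")
    return ("fixed", None)


if __name__ == "__main__":
    # Constructed sample inputs, one per branch plus an unlisted one.
    for sample in ("8.0.3", "8.0.4", "FortiWeb 7.4.11 (example banner)",
                   "7.4.12", "7.2.9", "6.4.1"):
        status, action = assess(sample)
        print(f"{sample:35} -> {status}" + (f": {action}" if action else ""))
```

Builds newer than the fixed release in a listed branch report "fixed"; branches not in the table report "not listed" rather than "fixed", because the advisory says nothing about them and the check should not claim more than the source does.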