Security News

Cybersecurity news aggregator

MEDIUM Vulnerabilities Fortinet PSIRT

Stack-based Buffer Overflow in API protection

  • What: Stack buffer overflow vulnerability in FortiWeb API protection
  • Impact: May allow authenticated attackers to execute arbitrary code

Summary

A Stack-based Buffer Overflow vulnerability [CWE-121] in FortiWeb may allow a remote authenticated attacker to execute arbitrary code or commands via crafted HTTP requests. Success of the attack is conditional on bypassing stack protection and ASLR.

Version        Affected                Solution
FortiWeb 8.0   8.0.0 through 8.0.2     Upgrade to 8.0.3 or above
FortiWeb 7.6   7.6.0 through 7.6.6     Upgrade to 7.6.7 or above
FortiWeb 7.4   7.4 all versions        Migrate to a fixed release
FortiWeb 7.2   7.2 all versions        Migrate to a fixed release
FortiWeb 7.0   7.0.2 through 7.0.12    Migrate to a fixed release

Acknowledgement

Fortinet is pleased to thank Sina Kheirkhah (SinSinology) of watchTowr (watchTowrcyber) for reporting this vulnerability under responsible disclosure.

Timeline

2026-03-10: Initial publication

  • IR Number: FG-IR-26-087
  • Published Date: Mar 10, 2026
  • Component: API
  • Severity: Medium
  • CVSSv3 Score: 5.9
  • Impact: Execute unauthorized code or commands
  • CVE ID: CVE-2026-24640