PSIRT: Heap-based buffer overflow in oftpd daemon

Summary
A heap-based buffer overflow vulnerability [CWE-122] in the FortiAnalyzer Cloud oftpd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. Successful exploitation would require a large amount of effort in preparation because of ASLR and network segmentation.

Version                    Affected               Solution
FortiAnalyzer Cloud 7.6    7.6.2 through 7.6.4    Upgrade to 7.6.5 or above
FortiManager Cloud 7.6     7.6.2 through 7.6.4    Upgrade to 7.6.5 or above

Thanks to network segmentation, this vulnerability could only be exploited if the attacker already has access to another cloud component belonging to the same entity.

Acknowledgement
Internally discovered and reported by Gwendal Guégniaud of the Fortinet Product Security team.

Timeline
2026-04-14: Initial publication

IR Number: FG-IR-26-121
Published Date: Apr 14, 2026
Component: OTHERS
Severity: High
Discovered: Internal
Attack Type: Unauthenticated
Known Exploited: No
CVSSv3 Score: 7.3
Impact: Escalation of privilege
CVE ID: CVE-2026-22828
In short: a heap-based buffer overflow (CVE-2026-22828, CVSSv3 7.3, rated High) in the oftpd daemon of FortiAnalyzer Cloud and FortiManager Cloud may allow a remote unauthenticated attacker to execute arbitrary code or commands via crafted requests. Affected versions are 7.6.2 through 7.6.4 of both products; the fix is to upgrade to 7.6.5 or above. ASLR raises the preparation cost of an exploit, and network segmentation limits exposure to an attacker who already controls another cloud component of the same entity. The advisory classifies the impact as escalation of privilege and reports no known exploitation.
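The advisory gives no detail about the flaw inside oftpd, and none is implied here. As an added illustration of the CWE-122 pattern it names, the following C program (written for this page, not Fortinet code) parses a constructed length-prefixed record format into a fixed-size heap buffer two ways: once trusting the attacker-supplied length field, which is the heap overflow, and once checking that field against the destination size before copying. A sentinel word placed right after the buffer stands in for whatever would follow the chunk on a real heap, and the harness bounds the overrun so the corruption is observable without undefined behaviour. The record layout, field sizes, function names and the 32-byte buffer are all assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed toy record format (an assumption for this example, NOT oftpd's):
 *   byte 0     : record type
 *   bytes 1..2 : payload length, big-endian
 *   bytes 3..  : payload
 */
#define HDR_LEN   3u
#define BUF_LEN   32u           /* assumed fixed payload buffer size */
#define SENTINEL  0xA5A5A5A5u   /* stands in for the neighbouring heap data */

static uint16_t rd_be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* CWE-122: the attacker-controlled length drives the copy into a fixed-size
 * heap buffer and nothing compares the two. Only the *source* is bounded. */
static int parse_record_vulnerable(const uint8_t *msg, size_t msg_len, uint8_t *dst)
{
    if (msg_len < HDR_LEN) return -1;
    uint16_t plen = rd_be16(msg + 1);
    if (HDR_LEN + plen > msg_len) return -1;   /* input bound checked ... */
    memcpy(dst, msg + HDR_LEN, plen);          /* ... destination bound is not */
    return (int)plen;
}

/* Hardened form: the destination capacity is part of the contract and is
 * enforced before any byte is written. */
static int parse_record_hardened(const uint8_t *msg, size_t msg_len,
                                 uint8_t *dst, size_t dst_len)
{
    if (msg_len < HDR_LEN) return -1;
    uint16_t plen = rd_be16(msg + 1);
    if (plen > dst_len) return -1;             /* reject before copying */
    if ((size_t)plen > msg_len - HDR_LEN) return -1;
    memcpy(dst, msg + HDR_LEN, plen);
    return (int)plen;
}

/* Serialise one record; returns total length or 0 if it does not fit. */
static size_t build_record(uint8_t *out, size_t cap, uint8_t type,
                           const uint8_t *payload, uint16_t plen)
{
    if (cap < HDR_LEN + plen) return 0;
    out[0] = type;
    out[1] = (uint8_t)(plen >> 8);
    out[2] = (uint8_t)(plen & 0xff);
    memcpy(out + HDR_LEN, payload, plen);
    return HDR_LEN + plen;
}

typedef struct { int rc; int sentinel_intact; } outcome;

/* Parse a record whose declared payload is `plen` bytes of 'A' into a fresh
 * heap buffer followed by a sentinel word. The allocation is BUF_LEN + 4, so
 * an overrun of up to 4 bytes lands exactly on the sentinel and stays inside
 * the allocation; larger values are refused to keep the harness well-defined. */
static outcome run_case(int hardened, uint16_t plen)
{
    outcome o = { -2, 1 };
    if (plen > BUF_LEN + sizeof(uint32_t)) return o;

    uint8_t payload[BUF_LEN + sizeof(uint32_t)];
    memset(payload, 'A', sizeof payload);
    uint8_t msg[HDR_LEN + sizeof payload];
    size_t msg_len = build_record(msg, sizeof msg, 0x01, payload, plen);

    uint8_t *region = malloc(BUF_LEN + sizeof(uint32_t));
    if (!region) return o;
    uint32_t canary = SENTINEL;
    memcpy(region + BUF_LEN, &canary, sizeof canary);

    o.rc = hardened ? parse_record_hardened(msg, msg_len, region, BUF_LEN)
                    : parse_record_vulnerable(msg, msg_len, region);

    uint32_t after;
    memcpy(&after, region + BUF_LEN, sizeof after);
    o.sentinel_intact = (after == SENTINEL);
    free(region);
    return o;
}

int main(void)
{
    const uint16_t cases[] = { 16, 36 };
    for (size_t i = 0; i < 2; i++) {
        outcome v = run_case(0, cases[i]), h = run_case(1, cases[i]);
        printf("plen=%u  vulnerable: rc=%d sentinel=%s  hardened: rc=%d sentinel=%s\n",
               cases[i], v.rc, v.sentinel_intact ? "ok" : "CORRUPTED",
               h.rc, h.sentinel_intact ? "ok" : "CORRUPTED");
    }
    return 0;
}
```

A payload of 16 bytes parses identically under both functions; a declared length of 36 makes the vulnerable parser overwrite the word after the buffer while the hardened one returns an error and leaves it untouched. On a real heap that overwritten word would be allocator metadata or a neighbouring object, which is the foothold the advisory's "execute arbitrary code or commands" refers to; turning it into code execution still requires knowing addresses, which is why ASLR is cited as raising the preparation effort.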