- What: Integer overflow denial of service in administrative interface
- Impact: Authenticated attackers could cause a denial of service in FortiWeb

Integer Overflow Denial of Service in administrative interface

Summary

An Integer Overflow or Wraparound vulnerability [CWE-190] in FortiWeb may allow a privileged authenticated attacker to perform a denial of service of the system via crafted HTTP requests.

| Version | Affected | Solution |
|---|---|---|
| FortiWeb 8.0 | 8.0.0 through 8.0.3 | Upgrade to 8.0.4 or above |
| FortiWeb 7.6 | 7.6.0 through 7.6.6 | Upgrade to 7.6.7 or above |
| FortiWeb 7.4 | 7.4 all versions | Migrate to a fixed release |
| FortiWeb 7.2 | 7.2 all versions | Migrate to a fixed release |
| FortiWeb 7.0 | 7.0 all versions | Migrate to a fixed release |

Acknowledgement

Fortinet is pleased to thank Jason McFadyen of TrendAI Research for reporting this vulnerability under responsible disclosure.

Timeline

2026-04-14: Initial publication

- IR Number: FG-IR-26-108
- Published Date: Apr 14, 2026
- Component: GUI
- Severity: Medium
- Discovered: External
- Attack Type: Authenticated
- Known Exploited: No
- CVSSv3 Score: 4.4
- Impact: Denial of service
- CVE ID: CVE-2026-39811