PSIRT Multiple Path traversals in CLI Summary Multiple Relative Path Traversal vulnerabilities [CWE-23] in FortiWeb may allow a local privileged attacker to execute unauthorized code on the underlying system via crafted CLI commands. Version Affected Solution FortiWeb 8.0 8.0.0 through 8.0.2 Upgrade to 8.0.3 or above FortiWeb 7.6 7.6.0 through 7.6.6 Upgrade to 7.6.7 or above FortiWeb 7.4 7.4.1 through 7.4.12 Migrate to a fixed release FortiWeb 7.2 7.2.7 through 7.2.12 Migrate to a fixed release FortiWeb 7.0 7.0.10 through 7.0.12 Migrate to a fixed release Acknowledgement Fortinet is pleased to thank Sil3N4v and BlueH3lm for reporting this vulnerability under responsible disclosure. Timeline 2026-04-14: Initial publication IR Number FG-IR-26-114 Published Date Apr 14, 2026 Component CLI Severity Medium Discovered External Attack Type Authenticated Known Exploited No CVSSv3 Score 6.2 Impact Execute unauthorized code or commands CVE ID CVE-2026-39814 Download CVRF CSAF