Security News

Cybersecurity news aggregator

🛡️
MEDIUM Vulnerabilities Fortinet PSIRT

Arbitrary XML file write in FCConfig

fortinetforticlientcwe-59
  • What: An Improper Link Resolution Before File Access vulnerability [CWE-59] in FortiClient Windows may allow a local low-privilege attacker to perform an arbitrary file write with elevated permissions via crafted named pipe messages.
  • Impact: A local low-privilege attacker can perform an arbitrary file write with elevated permissions.
  • Affected: FortiClientWindows 7.4 (7.4.0 through 7.4.4) and 7.2 (7.2.0 through 7.2.12).
  • Patch: Upgrade to 7.4.5 or above for 7.4, and 7.2.13 or above for 7.2.
Read Full Article →

PSIRT Arbitrary XML file write in FCConfig Summary An Improper Link Resolution Before File Access vulnerability [CWE-59] in FortiClient Windows may allow a local low-privilege attacker to perform an arbitrary file write with elevated permissions via crafted named pipe messages. Version Affected Solution FortiClientWindows 7.6 Not affected Not Applicable FortiClientWindows 7.4 7.4.0 through 7.4.4 Upgrade to 7.4.5 or above FortiClientWindows 7.2 7.2.0 through 7.2.12 Upgrade to 7.2.13 or above FortiClientWindows 7.0 7.0 all versions Migrate to a fixed release Acknowledgement Fortinet is pleased to thank Alexander Staalgaard working with Trend Zero Day Initiative for reporting this vulnerability under responsible disclosure. Timeline 2026-02-10: Initial publication

Related Articles

MEDIUM [NEU] [mittel] Fortinet FortiClient Windows: Schwachstelle ermöglicht Manipulation von Dateien BSI Germany MEDIUM NCSC-2026-0060 [1.00] [M/H] Kwetsbaarheden verholpen in Fortinet FortiSandbox, FortiAuthenticator en FortiClient NCSC Netherlands CRITICAL Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS The Hacker News CRITICAL Fortinet releases emergency hotfix for FortiClient EMS zero-day flaw CSO Online
Read Full Article → ← Back to News

Share this article

Twitter Facebook LinkedIn