Security News

Cybersecurity news aggregator

MEDIUM Vulnerabilities Fortinet PSIRT

Firewall policy bypass in FSSO Terminal Services Agent

  • What: A firewall policy bypass vulnerability exists in FortiOS FSSO Terminal Services Agent due to improper verification of communication channel source.
  • Impact: An authenticated user with knowledge of FSSO policy configurations may gain unauthorized access to protected network resources.
  • Affected: FortiOS 7.6.0 through 7.6.4, 7.4.0 through 7.4.9, 7.2 all versions, 7.0 all versions.
  • Patch: Upgrade to FortiOS 7.6.5 or above with FSSO TS Agent version 5.0 build 0324 and later, or upgrade to upcoming 7.4.10 or above with FSSO TS Agent version 5.0 build 0324 and later.

Summary

An Improper Verification of Source of a Communication Channel vulnerability [CWE-940] in FortiOS FSSO Terminal Services Agent may allow an authenticated user with knowledge of FSSO policy configurations to gain unauthorized access to protected network resources via crafted requests.

| Version | Affected | Solution |
|---|---|---|
| FortiOS 8.0 | Not affected | Not Applicable |
| FortiOS 7.6 | 7.6.0 through 7.6.4 | Upgrade to 7.6.5 or above with FSSO TS Agent version 5.0 build 0324 and later |
| FortiOS 7.4 | 7.4.0 through 7.4.9 | Upgrade to upcoming 7.4.10 or above with FSSO TS Agent version 5.0 build 0324 and later |
| FortiOS 7.2 | 7.2 all versions | Migrate to a fixed release |
| FortiOS 7.0 | 7.0 all versions | Migrate to a fixed release |
| FortiOS 6.4 | Not affected | Not Applicable |

Follow the recommended upgrade path using our tool at: https://docs.fortinet.com/upgrade-tool

Upgrade the FSSO TS Agent to version 5.0 build 0324 and later.

Acknowledgement

Fortinet is pleased to thank Tijl Deneut from e-BO Enterprises for reporting this vulnerability under responsible disclosure.

Timeline

2026-02-10: Initial publication
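
A fleet triage check built from the advisory's version table, as an added example (not Fortinet's code or tooling). The inventory rows, hostnames and the version-string formats it parses are assumptions constructed for illustration.

```python
import re

# Affected matrix transcribed from the advisory on this page.
# branch -> first fixed patch level; None means every release in the branch is affected.
FIXED_PATCH = {(7, 6): 5, (7, 4): 10, (7, 2): None, (7, 0): None}  # 7.4.10 is listed as upcoming
NOT_AFFECTED = {(8, 0), (6, 4)}
MIN_TS_AGENT = (5, 0, 324)  # "version 5.0 build 0324 and later"

FORTIOS_RE = r"v?(\d+)\.(\d+)\.(\d+)"            # assumed input format, e.g. "v7.4.3"
TS_AGENT_RE = r"(\d+)\.(\d+)\s+build\s+(\d+)"    # assumed input format, e.g. "5.0 build 0324"

# Constructed sample inventory: (hostname, FortiOS version, TS Agent build or None).
INVENTORY = [
    ("fw-edge-01", "v7.6.4", "5.0 build 0324"),
    ("fw-core-02", "7.6.5", "5.0 build 0300"),
    ("fw-lab-03", "7.2.8", None),
    ("fw-dc-04", "7.6.5", "5.0 build 0324"),
]


def _parse(pattern, text, what):
    """Turn a dotted version string into a tuple of ints, rejecting unknown formats."""
    m = re.fullmatch(pattern, text.strip(), re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised {what}: {text!r}")
    return tuple(int(g) for g in m.groups())


def assess(fortios, ts_agent=None):
    """Classify one device; ts_agent is None when no TS Agent build was recorded."""
    major, minor, patch = _parse(FORTIOS_RE, fortios, "FortiOS version")
    branch = (major, minor)
    if branch in NOT_AFFECTED:
        return "not affected"
    if branch not in FIXED_PATCH:
        return "branch not listed in advisory"
    fixed = FIXED_PATCH[branch]
    if fixed is None:
        return "affected: migrate to a fixed release"
    if patch < fixed:
        return f"affected: upgrade to {major}.{minor}.{fixed} or above"
    # FortiOS is at a fixed level; the advisory also requires a minimum TS Agent build.
    if ts_agent is None:
        return "FortiOS fixed: TS Agent build unknown"
    if _parse(TS_AGENT_RE, ts_agent, "TS Agent version") < MIN_TS_AGENT:
        return "FortiOS fixed: upgrade TS Agent to 5.0 build 0324 or later"
    return "fixed"


def triage(inventory):
    """Map each hostname to its status under the advisory."""
    return {host: assess(fos, agent) for host, fos, agent in inventory}
```
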
