- What: An HTTP request smuggling vulnerability exists in FortiOS that could allow an unauthenticated attacker to smuggle unlogged HTTP requests through firewall policies.
- Impact: An attacker could bypass security policies by crafting a malicious header.
- Affected: FortiOS versions 7.6.0, 7.4.0 through 7.4.9, 7.2 all versions, 7.0 all versions, and 6.4.3 through 6.4.16.
- Patch: Upgrade FortiOS 7.6 to 7.6.1 or above and FortiOS 7.4 to 7.4.10 or above; for 7.2, 7.0 and 6.4, migrate to a fixed release.

PSIRT Request smuggling attack in FortiOS GUI

Summary

An HTTP request smuggling vulnerability [CWE-444] in FortiOS may allow an unauthenticated attacker to smuggle an unlogged HTTP request through the firewall policies via a specially crafted header.

| Version | Affected | Solution |
|---|---|---|
| FortiOS 7.6 | 7.6.0 | Upgrade to 7.6.1 or above |
| FortiOS 7.4 | 7.4.0 through 7.4.9 | Upgrade to 7.4.10 or above |
| FortiOS 7.2 | 7.2 all versions | Migrate to a fixed release |
| FortiOS 7.0 | 7.0 all versions | Migrate to a fixed release |
| FortiOS 6.4 | 6.4.3 through 6.4.16 | Migrate to a fixed release |

Follow the recommended upgrade path using our tool at: https://docs.fortinet.com/upgrade-tool

Acknowledgement

Discovered by Daobing Li from Fortinet R&D Team

Timeline

2026-02-10: Initial publication
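
To triage a fleet against the affected ranges above, the following added example (not part of the advisory or any Fortinet tooling) classifies FortiOS version strings and returns the advisory's remediation for each. The hostnames, version strings and status labels are constructed for illustration.

```python
import re

# Affected ranges transcribed from the advisory table.
# (major, minor) -> (first affected patch, last affected patch or None for "all versions", solution)
AFFECTED = {
    (7, 6): (0, 0, "Upgrade to 7.6.1 or above"),
    (7, 4): (0, 9, "Upgrade to 7.4.10 or above"),
    (7, 2): (0, None, "Migrate to a fixed release"),
    (7, 0): (0, None, "Migrate to a fixed release"),
    (6, 4): (3, 16, "Migrate to a fixed release"),
}

def parse_version(text):
    """Extract (major, minor, patch) from a string containing an x.y.z version."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(p) for p in m.groups())

def triage(version_text):
    """Return (status, action) for one FortiOS version string."""
    major, minor, patch = parse_version(version_text)
    entry = AFFECTED.get((major, minor))
    if entry is None:
        # The advisory says nothing about this branch; do not assume it is safe.
        return ("branch-not-listed", "Branch does not appear in the advisory table")
    low, high, action = entry
    if patch >= low and (high is None or patch <= high):
        return ("affected", action)
    return ("outside-range", "Patch level is outside the range listed for this branch")

# Constructed inventory: hostnames and version strings are sample data.
INVENTORY = {
    "fw-edge-01": "FortiOS v7.4.9",
    "fw-edge-02": "FortiOS v7.4.10",
    "fw-branch-07": "FortiOS v7.2.8",
    "fw-lab-03": "FortiOS v6.4.2",
    "fw-dc-01": "FortiOS v7.6.0",
}

def report(inventory):
    """Map each host to its (status, action) pair."""
    return {host: triage(ver) for host, ver in inventory.items()}

if __name__ == "__main__":
    for host, (status, action) in report(INVENTORY).items():
        print(f"{host:14} {status:18} {action}")
```
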