
Fortinet FortiWeb path traversal flaw, actively exploited

Vulnerability
Happening score: 27
1 unique source, 1 article

Summary


Fortinet FortiWeb path traversal is being actively exploited to create new admin users on exposed devices without authentication, creating immediate takeover risk for internet-facing systems. The flaw affects FortiWeb 8.0.1 and earlier and is fixed in 8.0.2. Administrators should treat exposed management interfaces as at risk and verify whether unauthorized accounts or suspicious requests are present.

Related Happenings

FortiClient EMS improper access control flaw (CVE-2026-35616)

Vulnerability
First: 05.04.2026 21:45 Last: 05.04.2026 21:45 Sources 1

About this happening: **CVE-2026-35616** is being **actively exploited** against **FortiClient Enterprise Management Server (EMS)**, putting exposed **7.4.5 and 7.4.6** deployments at risk of remote co...

Fortinet FortiClient EMS SQL injection flaw actively exploited (CVE-2026-21643)

Vulnerability
First: 30.03.2026 10:48 Last: 30.03.2026 10:48 Sources 1

About this happening: Active exploitation of **CVE-2026-21643** is putting **Fortinet FortiClient EMS** deployments at risk of **unauthenticated arbitrary code or command execution** on unpatched syste...

FortiOS SSO authentication bypass (CVE-2026-24858)

Vulnerability
First: 28.01.2026 06:49 Last: 28.01.2026 06:49 Sources 1

About this happening: **CVE-2026-24858** is a **critical FortiOS authentication bypass** affecting **FortiOS**, **FortiManager**, and **FortiAnalyzer**, and it is being **actively exploited in the wild...

Latest development: 10.03.2026 18:21

SentinelOne said attackers are abusing FortiGate NGFW appliances through known vulnerabilities and weak credentials, including CVE-2026-24858, to steal configuration files and service account credentials from healthcare, government, and managed service provider environments.

Fortinet FortiCloud SSO mitigation guidance

Advisory/Mitigation
First: 28.01.2026 01:19 Last: 28.01.2026 01:19 Sources 1

About this happening: **Fortinet** advised customers to **restrict administrative access** and **disable FortiCloud SSO** to reduce abuse of an **actively exploited** authentication bypass affecting de...

Fortinet CVE-2025-59718 mitigation guidance

Advisory/Mitigation
First: 23.01.2026 12:39 Last: 23.01.2026 12:39 Sources 1

About this happening: **Fortinet** told customers to immediately harden **FortiCloud SSO** exposure for **CVE-2025-59718**, because attackers are still abusing the flaw against **fully patched firewall...

Timeline

  1. 14.11.2025 04:41 1 article · 6mo ago

    FortiWeb path traversal abuse first spotted on exposed devices

    Exploitation Observed

    Defused identified an unknown Fortinet exploit on exposed FortiWeb devices on October 6, with attackers using the path traversal flaw to create admin accounts without authentication.

  2. 14.11.2025 04:41 2 articles · 6mo ago

    Researchers confirm FortiWeb path traversal flaw and 8.0.2 fix

    Technical Analysis Update

    Researchers from PwnDefend, Defused, watchTowr Labs, and Rapid7 confirmed that FortiWeb 8.0.1 and earlier are affected by a path traversal flaw at /api/v2.0/cmdb/system/admin%3f/../../../../../cgi-bin/fwbcgi, where HTTP POST requests can create local admin-level accounts; the issue is fixed in FortiWeb 8.0.2, and defenders are advised to review logs, unusual administrative accounts, and access from suspicious IPs.

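As an added example (not from the page, the cited researchers, or Fortinet), a small Python log check in the spirit of the log-review advice above: it percent-decodes each request target, flags requests whose collapsed path reaches /cgi-bin/fwbcgi through `..` segments, and lists the client addresses to compare against known-good administrative sources. The access-log lines and their format are constructed for the example.

```python
import posixpath
import re
from urllib.parse import unquote

# Constructed sample access-log lines in a combined-log-like format (not real device logs).
SAMPLE_LOG = """\
203.0.113.10 - - [06/Oct/2025:09:12:44 +0000] "POST /api/v2.0/cmdb/system/admin%3f/../../../../../cgi-bin/fwbcgi HTTP/1.1" 200 512
198.51.100.7 - - [06/Oct/2025:09:13:01 +0000] "GET /api/v2.0/cmdb/system/admin HTTP/1.1" 401 0
203.0.113.10 - - [06/Oct/2025:09:13:09 +0000] "POST /api/v2.0/cmdb/system/admin%3f/..%2f..%2f..%2f..%2f..%2fcgi-bin/fwbcgi HTTP/1.1" 200 512
192.0.2.44 - - [06/Oct/2025:09:14:30 +0000] "GET /cgi-bin/fwbcgi HTTP/1.1" 403 0
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def normalize_target(target):
    """Percent-decode twice (catches encoded slashes and dots) and collapse '..' segments.
    The '?' that %3f decodes to is kept as part of its segment on purpose: the target is
    treated as a path, not split into path and query, so the traversal after it stays visible."""
    decoded = unquote(unquote(target))
    return decoded, posixpath.normpath(decoded)

def is_traversal_to_fwbcgi(target):
    """True when '..' segments are present and the collapsed path lands on /cgi-bin/fwbcgi."""
    decoded, normalized = normalize_target(target)
    has_dotdot = ".." in decoded.split("/")
    return has_dotdot and normalized.lower().endswith("/cgi-bin/fwbcgi")

def scan_log(text):
    """Return one record per request that matches the traversal pattern."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m and is_traversal_to_fwbcgi(m.group("target")):
            findings.append({k: m.group(k) for k in ("ip", "ts", "method", "target", "status")})
    return findings

def source_ips(findings):
    """Distinct client addresses to review against known-good admin sources."""
    return sorted({f["ip"] for f in findings})

if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for h in hits:
        print(f'{h["ts"]} {h["ip"]} {h["method"]} status={h["status"]} {h["target"]}')
    print("source IPs to review:", source_ips(hits))
```

Matches with a 2xx status are the ones to correlate with the admin-account review the researchers recommend; a direct request to the CGI without traversal is deliberately not flagged here.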