Fortinet FortiWeb WAF authentication bypass flaw actively exploited
Vulnerability
Summary
Fortinet FortiWeb WAF is under active in-the-wild exploitation of an authentication bypass that lets attackers take over administrator accounts and fully compromise affected appliances. Fortinet silently fixed the flaw in FortiWeb 8.0.2, so devices still running earlier releases remain exposed. Exploitation was first detected in early October 2025, about a month before the November 2025 disclosure, and attackers are using it to add a new administrator account for persistence.
Related Happenings
Linux kernel RDS PinTheft local privilege escalation flaw (public PoC)
Vulnerability
First: 20.05.2026 13:52
Last: 20.05.2026 13:52
Sources 1
About this happening:
**PinTheft** now has a **public PoC exploit**, turning a recently patched **Linux kernel RDS** flaw into a practical **local privilege escalation** risk for **Arch Linux** systems...
Burst Statistics authentication bypass (CVE-2026-8181)
Vulnerability
First: 15.05.2026 00:07
Last: 15.05.2026 00:07
Sources 1
About this happening:
**Burst Statistics** on **WordPress sites** is facing active exploitation of **CVE-2026-8181**, a critical **authentication bypass** that can let unauthenticated attackers imperso...
FortiClient EMS improper access control flaw (CVE-2026-35616)
Vulnerability
First: 05.04.2026 21:45
Last: 05.04.2026 21:45
Sources 1
About this happening:
**CVE-2026-35616** is being **actively exploited** against **FortiClient Enterprise Management Server (EMS)**, putting exposed **7.4.5 and 7.4.6** deployments at risk of remote co...
Fortinet FortiClient EMS SQL injection flaw actively exploited (CVE-2026-21643)
Vulnerability
First: 30.03.2026 10:48
Last: 30.03.2026 10:48
Sources 1
About this happening:
Active exploitation of **CVE-2026-21643** is putting **Fortinet FortiClient EMS** deployments at risk of **unauthenticated arbitrary code or command execution** on unpatched syste...
FortiOS SSO authentication bypass (CVE-2026-24858)
Vulnerability
First: 28.01.2026 06:49
Last: 28.01.2026 06:49
Sources 1
About this happening:
**CVE-2026-24858** is a **critical FortiOS authentication bypass** affecting **FortiOS**, **FortiManager**, and **FortiAnalyzer**, and it is being **actively exploited in the wild...
Latest development: 10.03.2026 18:21
SentinelOne said attackers are abusing FortiGate NGFW appliances through known vulnerabilities and weak credentials, including CVE-2026-24858, to steal configuration files and service account credentials from healthcare, government, and managed service provider environments.
Timeline
- 14.11.2025 11:00 · 1 article
FortiWeb zero-day exploit offered for sale
Campaign Scope Update: Rapid7 said an alleged zero-day exploit targeting Fortinet FortiWeb was published for sale on a popular black hat forum on November 6, 2025, and it was not clear whether the listing matched the active bypass being abused against FortiWeb appliances.
Sources:
- Fortinet FortiWeb Flaw Actively Exploited in the Wild Before Company's Silent Patch — thehackernews.com — 14.11.2025 11:00
- 14.11.2025 11:00 · 1 article
FortiWeb authentication bypass exploitation disclosure
Initial Disclosure: Researchers warned that Fortinet FortiWeb WAF has an authentication bypass that lets attackers take over administrator accounts and completely compromise devices. watchTowr reproduced the flaw, built a working proof-of-concept, released an artifact generator tool to identify susceptible devices, and observed attackers sending HTTP POST requests to `/api/v2.0/cmdb/system/admin%3F/../../../../../cgi-bin/fwbcgi` to create new administrator accounts for persistence on FortiWeb releases earlier than 8.0.2.
Sources:
- Fortinet FortiWeb Flaw Actively Exploited in the Wild Before Company's Silent Patch — thehackernews.com — 14.11.2025 11:00
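Two checks a FortiWeb operator would want after reading the disclosure above, as an added example that is not code from the article, watchTowr or Fortinet: a version test against the 8.0.2 fix, and a hunt through HTTP access logs for the traversal request shape. The combined-format log lines, the double-encoded variant on the third line, and every function name are constructed here for illustration; the detector generalizes the reported request by percent-decoding and collapsing `..` segments before matching, so it also catches re-encoded forms of the same traversal rather than only the literal string.

```python
"""Hunt an HTTP access log for the FortiWeb authentication-bypass request shape
and check whether a reported FortiWeb version predates the 8.0.2 fix.

Added example; not code from the article, watchTowr, Defused or Fortinet.
Assumptions: logs are in Apache/nginx combined format, and FortiWeb versions
are reported as 'major.minor.patch' (optionally followed by a build suffix).
"""
import posixpath
import re
from urllib.parse import unquote

# Path reported in the disclosure: an API route for the admin object, an
# encoded '?' (%3F), then traversal out of the API tree into the CGI binary.
CGI_TARGET = "/cgi-bin/fwbcgi"
API_PREFIX = "/api/v2.0/cmdb/"
PATCHED_VERSION = (8, 0, 2)   # earlier releases remain exposed per the article

LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def parse_version(version: str) -> tuple[int, ...]:
    """'8.0.1' or '8.0.1,build0123' -> (8, 0, 1)."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised FortiWeb version string: {version!r}")
    return tuple(int(part) for part in m.groups())


def is_vulnerable(version: str) -> bool:
    """True when the release is earlier than 8.0.2, the version named as carrying the silent fix."""
    return parse_version(version) < PATCHED_VERSION


def normalize_path(raw_path: str) -> str:
    """Resolve a request path the way a backend would before dispatch:
    percent-decode until stable (bounded, so double encoding is unwrapped too),
    then collapse '.' and '..' segments."""
    path = raw_path
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return posixpath.normpath(path)


def bypass_indicators(raw_path: str) -> list[str]:
    """Return the reasons a path looks like the bypass; an empty list means benign.
    The strongest signal is traversal that resolves onto /cgi-bin/fwbcgi from a
    path that did not name it directly."""
    path_only = raw_path.split("?", 1)[0]            # drop a genuine query string
    resolved = normalize_path(path_only)
    reasons = []
    if resolved == CGI_TARGET and path_only != CGI_TARGET:
        reasons.append("traversal-to-fwbcgi")
    if "%3f" in path_only.lower():
        reasons.append("encoded-question-mark-in-path")
    if reasons and path_only.lower().startswith(API_PREFIX):
        reasons.append("via-api-route")
    return reasons


def scan_log(text: str) -> list[dict]:
    """Parse combined-format lines and return only those showing the traversal."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        reasons = bypass_indicators(m["path"])
        if "traversal-to-fwbcgi" in reasons:
            hits.append({**m.groupdict(), "indicators": reasons})
    return hits


# Constructed sample lines (not real telemetry). Line 1 mirrors the request
# path reported in the disclosure; line 3 is a double-encoded variant made up
# here to exercise the decoder, not one reported in the disclosure.
SAMPLE_LOG = """\
203.0.113.7 - - [14/Nov/2025:10:02:11 +0000] "POST /api/v2.0/cmdb/system/admin%3F/../../../../../cgi-bin/fwbcgi HTTP/1.1" 200 512
198.51.100.23 - - [14/Nov/2025:10:03:40 +0000] "GET /api/v2.0/cmdb/system/admin HTTP/1.1" 401 0
203.0.113.7 - - [14/Nov/2025:10:04:02 +0000] "POST /api/v2.0/cmdb/system/admin%253F/..%2F..%2F..%2F..%2F..%2Fcgi-bin/fwbcgi HTTP/1.1" 200 512
192.0.2.5 - - [14/Nov/2025:10:05:00 +0000] "GET /static/img/logo.png HTTP/1.1" 200 2048
"""

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit["ts"], hit["client"], hit["method"], hit["path"], hit["indicators"])
    for v in ("7.6.4", "8.0.1", "8.0.2"):
        print(v, "vulnerable" if is_vulnerable(v) else "patched")
```

Matching on the normalized path rather than the literal string is what keeps the rule from being sidestepped by trivial re-encoding; a direct request to `/cgi-bin/fwbcgi` is deliberately not flagged, because only the indirect route through the API prefix is the reported bypass. In a real deployment this log hunt should be paired with a review of the FortiWeb administrator list, since adding a new administrator account is what the observed exploitation does.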