Heap-based Buffer Overflow Vulnerability in Fortinet FortiAnalyzer and FortiManager Cloud Products
CVE-2026-22828
7.3 HIGH
Key Information:
- Vendor: Fortinet
- CVE Published: 14 April 2026
What is CVE-2026-22828?
A critical heap-based buffer overflow vulnerability exists in Fortinet's FortiAnalyzer Cloud and FortiManager Cloud (versions 7.6.2 to 7.6.4). This flaw could enable a remote, unauthenticated attacker to execute arbitrary code or commands by sending specially crafted requests. Successful exploitation demands substantial preparation because of Address Space Layout Randomization (ASLR) and the network segmentation measures in place.
Affected Version(s)
- FortiAnalyzer Cloud 7.6.2 through 7.6.4
- FortiManager Cloud 7.6.2 through 7.6.4