Cross-site Scripting Vulnerability in Fortinet FortiOS and FortiPAM Products
CVE-2026-23573
6.1MEDIUM
What is CVE-2026-23573?
Fortinet products including FortiOS and FortiPAM versions have a Cross-site Scripting vulnerability that could enable an authenticated remote user to execute arbitrary code or commands through specially crafted requests. This flaw occurs due to improper neutralization of input during web page generation. To protect your system, it is imperative to implement the latest security updates and monitor for any unusual activities.
Affected Version(s)
FortiOS 7.6.0 <= 7.6.6
FortiOS 7.4.0 <= 7.4.12
FortiOS 7.2.0 <= 7.2.13