Cross-site Scripting Vulnerability in Fortinet FortiOS and FortiPAM Products
CVE-2026-23573

6.1MEDIUM

Key Information:

Vendor

Fortinet

Vendor
CVE Published:
14 July 2026

What is CVE-2026-23573?

Fortinet products including FortiOS and FortiPAM versions have a Cross-site Scripting vulnerability that could enable an authenticated remote user to execute arbitrary code or commands through specially crafted requests. This flaw occurs due to improper neutralization of input during web page generation. To protect your system, it is imperative to implement the latest security updates and monitor for any unusual activities.

Affected Version(s)

FortiOS 7.6.0 <= 7.6.6

FortiOS 7.4.0 <= 7.4.12

FortiOS 7.2.0 <= 7.2.13

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.