Stack-Based Buffer Overflow in Fortinet FortiOS and FortiPAM Products
CVE-2026-59837
5.9MEDIUM
Key Information:
- Vendor
Fortinet
- Vendor
- CVE Published:
- 14 July 2026
What is CVE-2026-59837?
A stack-based buffer overflow vulnerability has been identified in Fortinet's FortiOS and FortiPAM products. This issue affects various versions of FortiOS (7.4.0 to 7.4.1, and 7.2 all versions) and multiple versions of FortiPAM (from 1.0 to 1.8.2). A privileged authenticated attacker may exploit this vulnerability by bypassing stack protection and Address Space Layout Randomization (ASLR), potentially allowing the execution of arbitrary code or commands through specially crafted HTTP requests. Organizations using the affected products are urged to apply all necessary patches and mitigations as soon as possible.
Affected Version(s)
FortiOS 7.4.0 <= 7.4.1
FortiOS 7.2.0 <= 7.2.13
FortiOS 7.0.0 <= 7.0.19