Improper Neutralization of HTML Tags in Fortinet FortiSIEM Product Line
CVE-2026-59838

5.3MEDIUM

Key Information:

Vendor

Fortinet

Status
Vendor
CVE Published:
15 July 2026

What is CVE-2026-59838?

A cross-site scripting vulnerability exists in multiple versions of Fortinet's FortiSIEM products due to improper neutralization of HTML tags in web pages. This flaw enables an attacker to inject malicious scripts, which could lead to unauthorized execution of code or commands when users interact with the affected web application. Attackers leveraging this vulnerability could gain access to sensitive information or perform actions on behalf of users, posing significant risks to security.

Affected Version(s)

FortiSIEM 7.4.0

FortiSIEM 7.3.0 <= 7.3.4

FortiSIEM 7.2.0 <= 7.2.6

References

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.