Buffer Over-read Vulnerability in Fortinet FortiOS and FortiProxy Products
CVE-2026-59840

4.1MEDIUM

Key Information:

Vendor

Fortinet

Vendor
CVE Published:
14 July 2026

What is CVE-2026-59840?

A buffer over-read vulnerability exists in Fortinet's FortiOS and FortiProxy products, potentially allowing an attacker to access sensitive information. This issue affects multiple versions of FortiOS (from 7.6.0 to 7.6.2, 7.4.0 to 7.4.8, and all versions of 7.2) and FortiProxy (from 7.6.0 to 7.6.5, 7.4.0 to 7.4.13, and all versions of 7.2). The vulnerability may be exploited to disclose information that should remain confidential, emphasizing the need for users to apply recommended security measures. For further details, please refer to the official Fortinet advisory.

Affected Version(s)

FortiOS 7.6.0 <= 7.6.2

FortiOS 7.4.0 <= 7.4.8

FortiOS 7.2.0 <= 7.2.13

References

CVSS V3.1

Score:
4.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.