{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-40688", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2026-04-14T22:32:07.399Z", "datePublished": "2026-04-14T22:35:15.438Z", "dateUpdated": "2026-04-16T03:55:18.342Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiWeb", "cpes": ["cpe:2.3:a:fortinet:fortiweb:8.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:8.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:8.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "8.0.0", "lessThanOrEqual": "8.0.3", "status": "affected"}, {"versionType": "semver", "version": "7.6.0", "lessThanOrEqual": "7.6.6", "status": "affected"}, {"versionType": "semver", "version": "7.4.0", "lessThanOrEqual": "7.4.11", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "An out-of-bounds write vulnerability [CWE-787] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow a remote privileged attacker to execute arbitrary code or command via crafted HTTP requests."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2026-04-15T08:53:24.743Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-787", "description": "Execute unauthorized code or commands", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C"}}], "solutions": [{"lang": "en", "value": "Upgrade to FortiWeb version 8.0.4 or above\nUpgrade to FortiWeb version 7.6.7 or above\nUpgrade to FortiWeb version 7.4.12 or above"}], "references": [{"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-127", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-127"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-15T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-40688"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T03:55:18.342Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-40688", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-15T16:12:04.889383Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T16:12:13.048Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:2.3:a:fortinet:fortiweb:8.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:8.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:8.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*"], "vendor": "Fortinet", "product": "FortiWeb", "versions": [{"status": "affected", "version": "8.0.0", "versionType": "semver", "lessThanOrEqual": "8.0.3"}, {"status": "affected", "version": "7.6.0", "versionType": "semver", "lessThanOrEqual": "7.6.6"}, {"status": "affected", "version": "7.4.0", "versionType": "semver", "lessThanOrEqual": "7.4.11"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to FortiWeb version 8.0.4 or above\nUpgrade to FortiWeb version 7.6.7 or above\nUpgrade to FortiWeb version 7.4.12 or above"}], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-127", "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-127"}], "descriptions": [{"lang": "en", "value": "An out-of-bounds write vulnerability [CWE-787] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow a remote privileged attacker to execute arbitrary code or command via crafted HTTP requests."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "Execute unauthorized code or commands"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2026-04-15T08:53:24.743Z"}}}, "cveMetadata": {"cveId": "CVE-2026-40688", "state": "PUBLISHED", "dateUpdated": "2026-04-16T03:55:18.342Z", "dateReserved": "2026-04-14T22:32:07.399Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2026-04-14T22:35:15.438Z", "assignerShortName": "fortinet"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*", "matchCriteriaId": "00447564-4A90-4194-85FF-A8C047796A5F", "versionEndExcluding": "7.4.12", "versionStartIncluding": "7.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*", "matchCriteriaId": "15C9CDE3-FE6F-4946-A3DC-FDD7A5F99D65", "versionEndExcluding": "7.6.7", "versionStartIncluding": "7.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C922491-BA4C-48DF-8697-8FE742FDA39B", "versionEndExcluding": "8.0.4", "versionStartIncluding": "8.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An out-of-bounds write vulnerability [CWE-787] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow a remote privileged attacker to execute arbitrary code or command via crafted HTTP requests."}], "id": "CVE-2026-40688", "lastModified": "2026-04-20T18:07:49.050", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "psirt@fortinet.com", "type": "Secondary"}]}, "published": "2026-04-14T23:16:29.633", "references": [{"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-127"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "psirt@fortinet.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[8.0.0,8.0.3]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.6.0,7.6.6]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.4.0,7.4.11]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "FortiWeb", "source": "cna", "vendor": "Fortinet"}, "product": "fortiweb", "vendor": "fortinet"}], "analysis": {"en": {"generated_at": "2026-04-15T10:27:23.243974+00:00", "value": {"mitigation_remediation": ["Upgrade FortiWeb to version 8.0.4 or newer", "Upgrade FortiWeb to version 7.6.7 or newer", "Upgrade FortiWeb to version 7.4.12 or newer"], "summary": {"action": "Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Fortinet FortiWeb devices running versions 8.0.0 through 8.0.3, 7.6.0 through 7.6.6, and 7.4.0 through 7.4.11 are affected. The product is a web application firewall released by Fortinet.", "description_and_impact": "An out\u2011of\u2011bounds write flaw exists in Fortinet FortiWeb firmware versions 8.0.0 through 8.0.3, 7.6.0 through 7.6.6, and 7.4.0 through 7.4.11. A privileged attacker can send specially crafted HTTP requests that trigger a memory corruption, allowing remote execution of arbitrary code or system commands. This flaw compromises the confidentiality, integrity and availability of the impacted Web Application Firewall, potentially giving an attacker full control over the appliance.", "risk_and_exploitability": "The CVSS base score is 6.7, indicating a moderate severity. A publicly published EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is not explicitly specified in the advisory; based on the nature of the flaw, the likely vector comes from requests processed by the FortiWeb appliance, which suggests remote exploitation through network traffic directed at the device."}}}}, "created": "2026-04-15T13:48:23.614541+00:00", "title": "Out\u2011of\u2011Bounds Write Allowing Remote Code Execution in Fortinet FortiWeb", "updated": "2026-04-15T14:31:57.022557+00:00", "vendors": ["fortinet", "fortinet$PRODUCT$fortiweb"]}