CVE-2026-22828 PUBLISHED

Assigner: fortinet
Reserved: 12.01.2026 Published: 14.04.2026 Updated: 14.04.2026

A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer Cloud 7.6.2 through 7.6.4 and FortiManager Cloud 7.6.2 through 7.6.4 may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. Successful exploitation would require a large amount of effort in preparation because of ASLR and network segmentation.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CVSS Score: 7.3

Product Status

Vendor Fortinet
Product FortiAnalyzer Cloud
Versions Default: unaffected
  • affected from 7.6.2 to 7.6.4 (incl.)
Vendor Fortinet
Product FortiManager Cloud
Versions Default: unaffected
  • affected from 7.6.2 to 7.6.4 (incl.)

Solutions

  • Upgrade to upcoming FortiManager Cloud version 8.0.0 or above
  • Upgrade to FortiManager Cloud version 7.6.5 or above
  • Upgrade to upcoming FortiAnalyzer Cloud version 8.0.0 or above
  • Upgrade to FortiAnalyzer Cloud version 7.6.5 or above

Problem Types

  • Escalation of privilege CWE