CVE-2026-59838 PUBLISHED

Assigner: fortinet
Reserved: 07.07.2026 Published: 15.07.2026 Updated: 15.07.2026

A improper neutralization of script-related html tags in a web page (basic xss) vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.2.0 through 7.2.6, FortiSIEM 7.1 all versions, FortiSIEM 7.0 all versions, FortiSIEM 6.7 all versions, FortiSIEM 6.6 all versions, FortiSIEM 6.5 all versions, FortiSIEM 6.4 all versions may allow attacker to execute unauthorized code or commands via <insert attack vector here>

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C
CVSS Score: 5.3

Product Status

Vendor Fortinet
Product FortiSIEM
Versions Default: unaffected
  • Version 7.4.0 is affected
  • affected from 7.3.0 to 7.3.4 (incl.)
  • affected from 7.2.0 to 7.2.6 (incl.)
  • affected from 7.1.0 to 7.1.9 (incl.)
  • affected from 7.0.0 to 7.0.4 (incl.)
  • affected from 6.7.0 to 6.7.10 (incl.)
  • affected from 6.6.0 to 6.6.5 (incl.)
  • affected from 6.5.0 to 6.5.3 (incl.)
  • affected from 6.4.0 to 6.4.4 (incl.)
  • affected from 6.3.0 to 6.3.3 (incl.)
  • affected from 6.2.0 to 6.2.1 (incl.)

Solutions

Upgrade to FortiSIEM version 7.5.0 or above Upgrade to FortiSIEM version 7.4.1 or above Upgrade to FortiSIEM version 7.3.5 or above Upgrade to FortiSIEM version 7.2.7 or above

References

Problem Types

  • Execute unauthorized code or commands CWE