CVE-2026-59839 PUBLISHED

Assigner: fortinet
Reserved: 07.07.2026 Published: 14.07.2026 Updated: 14.07.2026

A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiOS 7.6.0 through 7.6.6, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.8.0, FortiPAM 1.7.0 through 1.7.2, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.6.0 through 7.6.5, FortiProxy 7.4 through 7.4.13, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions may allow attacker to execute unauthorized code or commands via <insert attack vector here>

Metrics

CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C
CVSS Score: 5

Product Status

Vendor Fortinet
Product FortiProxy
Versions Default: unaffected
  • affected from 7.6.0 to 7.6.5 (incl.)
  • affected from 7.4.0 to 7.4.13 (incl.)
  • affected from 7.2.0 to 7.2.16 (incl.)
  • affected from 7.0.0 to 7.0.23 (incl.)
Vendor Fortinet
Product FortiOS
Versions Default: unaffected
  • affected from 7.6.0 to 7.6.6 (incl.)
  • affected from 7.4.0 to 7.4.9 (incl.)
  • affected from 7.2.0 to 7.2.13 (incl.)
  • affected from 7.0.0 to 7.0.19 (incl.)
  • affected from 6.4.0 to 6.4.16 (incl.)
Vendor Fortinet
Product FortiPAM
Versions Default: unaffected
  • Version 1.8.0 is affected
  • affected from 1.7.0 to 1.7.2 (incl.)
  • affected from 1.6.0 to 1.6.2 (incl.)
  • affected from 1.5.0 to 1.5.1 (incl.)
  • affected from 1.4.0 to 1.4.3 (incl.)
  • affected from 1.3.0 to 1.3.1 (incl.)
  • Version 1.2.0 is affected
  • affected from 1.1.0 to 1.1.2 (incl.)
  • affected from 1.0.0 to 1.0.3 (incl.)

Solutions

Upgrade to FortiProxy version 7.6.6 or above Upgrade to FortiOS version 8.0.0 or above Upgrade to FortiOS version 7.6.7 or above Upgrade to FortiOS version 7.4.10 or above Fortinet remediated this issue in FortiSASE version 26.1.1 and hence customers do not need to perform any action. Upgrade to FortiPAM version 1.9.0 or above Upgrade to FortiPAM version 1.8.1 or above Upgrade to FortiSwitchManager version 7.2.8 or above

References

Problem Types

  • Execute unauthorized code or commands CWE