CVEFinder.io

CVE-2026-22828

⚠️ high
Summary

A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer Cloud 7.6.2 through 7.6.4 and FortiManager Cloud 7.6.2 through 7.6.4 may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. Successful exploitation would require a large amount of effort in preparation because of ASLR and network segmentation.

CVSS Score: 8.1 (High)
EPSS Score: 0.2 (Exploit Probability)
Published Date: 2026-04-14
First Seen: 2026-04-15
📊 Relative Risk Intelligence

This CVE is High Risk - more severe than 77.5% of all 327,350 vulnerabilities in our database.

#73,634
Top 25% most severe
Severity Percentile
🎯 CISA SSVC Assessment Updated: Apr 14, 2026
🔍 Exploitation Status: None (No known exploits)
⚙️ Automatable: NO (Requires human interaction)
💥 Technical Impact: Total (Complete system compromise possible)
SSVC data provided by CISA
Last Modified 2026-05-01
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE IDs (Weakness Types)

📦 Affected Products 2

🔗 References 1

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2025-61848 ⚠️ high 7.2 0.0 An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiA... 2026-04-14
CVE-2025-48418 🔶 medium 6.7 0.1 A hidden functionality vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, F... 2026-03-10
CVE-2025-68648 ⚠️ high 7.2 0.1 A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer ... 2026-03-10
CVE-2026-22572 ⚠️ high 7.2 0.1 An authentication bypass using an alternate path or channel vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3,... 2026-03-10
CVE-2026-22629 ℹ️ low 3.7 0.0 An improper restriction of excessive authentication attempts vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4... 2026-03-10
CVE-2024-47569 🔶 medium 4.3 0.0 An insertion of sensitive information into sent data vulnerability in Fortinet FortiMail 7.4.0 through 7.4.2, FortiMail 7... 2025-10-14
These CVEs affect the same products