Vulnerability Details CVE-2026-40688
An out-of-bounds write vulnerability [CWE-787] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow a remote privileged attacker to execute arbitrary code or command via crafted HTTP requests.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.5%
CVSS Severity
CVSS v3 Score 7.2
Products affected by CVE-2026-40688
-
cpe:2.3:a:fortinet:fortiweb:7.4.0
-
cpe:2.3:a:fortinet:fortiweb:7.4.1
-
cpe:2.3:a:fortinet:fortiweb:7.4.10
-
cpe:2.3:a:fortinet:fortiweb:7.4.11
-
cpe:2.3:a:fortinet:fortiweb:7.4.2
-
cpe:2.3:a:fortinet:fortiweb:7.4.3
-
cpe:2.3:a:fortinet:fortiweb:7.4.4
-
cpe:2.3:a:fortinet:fortiweb:7.4.5
-
cpe:2.3:a:fortinet:fortiweb:7.4.6
-
cpe:2.3:a:fortinet:fortiweb:7.4.7
-
cpe:2.3:a:fortinet:fortiweb:7.4.8
-
cpe:2.3:a:fortinet:fortiweb:7.4.9
-
cpe:2.3:a:fortinet:fortiweb:7.6.0
-
cpe:2.3:a:fortinet:fortiweb:7.6.1
-
cpe:2.3:a:fortinet:fortiweb:7.6.2
-
cpe:2.3:a:fortinet:fortiweb:7.6.3
-
cpe:2.3:a:fortinet:fortiweb:7.6.4
-
cpe:2.3:a:fortinet:fortiweb:7.6.5
-
cpe:2.3:a:fortinet:fortiweb:7.6.6
-
cpe:2.3:a:fortinet:fortiweb:8.0.0
-
cpe:2.3:a:fortinet:fortiweb:8.0.1
-
cpe:2.3:a:fortinet:fortiweb:8.0.2
-
cpe:2.3:a:fortinet:fortiweb:8.0.3