CERT-In Issues Critical Advisory for FortiOS and FortiProxy Multiple Vulnerabilities
The Indian Computer Emergency Response Team (CERT-In) has issued a critical severity advisory (CIAD-2026-00XX) regarding multiple vulnerabilities in Fortinet FortiOS and FortiProxy. These vulnerabilities could allow remote attackers to execute arbitrary code, cause denial of service, or bypass authentication on affected systems.
Vulnerability Summary
Multiple stack-based buffer overflow vulnerabilities have been discovered in FortiOS and FortiProxy that could allow an unauthenticated remote attacker to execute arbitrary code by sending specially crafted requests. These vulnerabilities affect all versions prior to the latest patched releases.
Affected Products
- FortiOS 7.6.x — all versions below 7.6.0
- FortiOS 7.4.x — all versions below 7.4.5
- FortiOS 7.2.x — all versions below 7.2.9
- FortiProxy 7.4.x — all versions below 7.4.3
- FortiProxy 7.2.x — all versions below 7.2.9
Recommended Actions
- Immediately upgrade FortiOS to version 7.4.5 or later
- Upgrade FortiProxy to version 7.4.3 or later
- Restrict management access to trusted IP addresses only
- Enable multi-factor authentication on all administrative accounts
- Monitor firewall logs for signs of exploitation attempts
Need Cybersecurity Support?
P J Networks provides 24/7 managed NOC/SOC services, vulnerability assessments, and security consulting for Indian enterprises.
Contact PJ Networks