{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22828", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2026-01-12T08:32:04.788Z", "datePublished": "2026-04-14T15:38:22.657Z", "dateUpdated": "2026-04-15T03:58:26.193Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiAnalyzer Cloud", "cpes": ["cpe:2.3:a:fortinet:fortianalyzercloud:7.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortianalyzercloud:7.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortianalyzercloud:7.6.2:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "7.6.2", "lessThanOrEqual": "7.6.4", "status": "affected"}]}, {"vendor": "Fortinet", "product": "FortiManager Cloud", "cpes": ["cpe:2.3:a:fortinet:fortimanagercloud:7.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimanagercloud:7.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimanagercloud:7.6.2:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "7.6.2", "lessThanOrEqual": "7.6.4", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer Cloud 7.6.2 through 7.6.4, FortiManager Cloud 7.6.2 through 7.6.4 may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. Successful exploitation would require a large amount of effort in preparation because of ASLR and network segmentation"}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2026-04-14T15:38:22.657Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-122", "description": "Escalation of privilege", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C"}}], "solutions": [{"lang": "en", "value": "Upgrade to upcoming FortiManager Cloud version 8.0.0 or above\nUpgrade to FortiManager Cloud version 7.6.5 or above\nUpgrade to upcoming FortiAnalyzer Cloud version 8.0.0 or above\nUpgrade to FortiAnalyzer Cloud version 7.6.5 or above"}], "references": [{"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-121", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-121"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-14T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-22828"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T03:58:26.193Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22828", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-14T16:22:36.629997Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T16:36:59.949Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:2.3:a:fortinet:fortianalyzercloud:7.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortianalyzercloud:7.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortianalyzercloud:7.6.2:*:*:*:*:*:*:*"], "vendor": "Fortinet", "product": "FortiAnalyzer Cloud", "versions": [{"status": "affected", "version": "7.6.2", "versionType": "semver", "lessThanOrEqual": "7.6.4"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:fortinet:fortimanagercloud:7.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimanagercloud:7.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimanagercloud:7.6.2:*:*:*:*:*:*:*"], "vendor": "Fortinet", "product": "FortiManager Cloud", "versions": [{"status": "affected", "version": "7.6.2", "versionType": "semver", "lessThanOrEqual": "7.6.4"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to upcoming FortiManager Cloud version 8.0.0 or above\nUpgrade to FortiManager Cloud version 7.6.5 or above\nUpgrade to upcoming FortiAnalyzer Cloud version 8.0.0 or above\nUpgrade to FortiAnalyzer Cloud version 7.6.5 or above"}], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-121", "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-121"}], "descriptions": [{"lang": "en", "value": "A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer Cloud 7.6.2 through 7.6.4, FortiManager Cloud 7.6.2 through 7.6.4 may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. Successful exploitation would require a large amount of effort in preparation because of ASLR and network segmentation"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "Escalation of privilege"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2026-04-14T15:38:22.657Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22828", "state": "PUBLISHED", "dateUpdated": "2026-04-15T03:58:26.193Z", "dateReserved": "2026-01-12T08:32:04.788Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2026-04-14T15:38:22.657Z", "assignerShortName": "fortinet"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer Cloud 7.6.2 through 7.6.4, FortiManager Cloud 7.6.2 through 7.6.4 may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. Successful exploitation would require a large amount of effort in preparation because of ASLR and network segmentation"}], "id": "CVE-2026-22828", "lastModified": "2026-04-14T16:16:37.110", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "psirt@fortinet.com", "type": "Secondary"}]}, "published": "2026-04-14T16:16:37.110", "references": [{"source": "psirt@fortinet.com", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-121"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "psirt@fortinet.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.6.2,7.6.4]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "FortiAnalyzer Cloud", "source": "cna", "vendor": "Fortinet"}, "product": "fortianalyzer_cloud", "vendor": "fortinet"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "7.6.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "7.6.3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "7.6.4"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "fortianalyzercloud", "vendor": "fortinet"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.6.2,7.6.4]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "FortiManager Cloud", "source": "cna", "vendor": "Fortinet"}, "product": "fortimanager_cloud", "vendor": "fortinet"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "7.6.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "7.6.3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "7.6.4"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "fortimanagercloud", "vendor": "fortinet"}], "analysis": {"en": {"generated_at": "2026-04-14T17:38:23.747047+00:00", "value": {"mitigation_remediation": ["Upgrade FortiAnalyzer Cloud and FortiManager Cloud to version 7.6.5 or later, or to the upcoming 8.0.0 release.", "Confirm that the upgrade succeeds and restart services if required.", "If the upgrade cannot be applied immediately, restrict API access and monitor for suspicious traffic."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Systems running Fortinet FortiAnalyzer Cloud from version 7.6.2 up to 7.6.4 and FortiManager Cloud from version 7.6.2 to 7.6.4 are impacted. Updating to version 7.6.5 or later, or to the forthcoming 8.0.0 series, resolves the issue and restores secure operation.", "description_and_impact": "A heap based buffer overflow exists in Fortinet FortiAnalyzer Cloud and FortiManager Cloud versions 7.6.2 through 7.6.4. If an attacker sends a specially crafted request, they can trigger the overflow and achieve remote code execution or arbitrary command execution without authentication. The weakness, classified as CWE-122, undermines confidentiality and integrity, empowering an attacker to compromise the affected system fully.", "risk_and_exploitability": "The CVSS base score of 7.3 indicates a high severity and highlights the remote and unauthenticated nature of the exploit. Although the exploit would require significant preparation work, such as bypassing address\u2011space layout randomization and navigating network segmentation, the potential impact is severe. The vulnerability is not listed in CISA\u2019s KEV catalog, and EPSS data is unavailable, so current exploitation prevalence is unclear, but the high severity warrants immediate mitigation through the recommended upgrade."}}}}, "created": "2026-04-15T14:41:09.655884+00:00", "title": "Heap Based Buffer Overflow in Fortinet FortiAnalyzer Cloud and FortiManager Cloud Allowing Remote Code Execution", "updated": "2026-04-15T15:30:06.814267+00:00", "vendors": ["fortinet", "fortinet$PRODUCT$fortianalyzer_cloud", "fortinet$PRODUCT$fortianalyzercloud", "fortinet$PRODUCT$fortimanager_cloud", "fortinet$PRODUCT$fortimanagercloud"]}