ZDI-26-266: Fortinet FortiWeb cat_cgi_paths Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fortinet FortiWeb. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-40688.
ORIGINAL SOURCE →via Zero Day Initiative
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] Mantle proposes up to 30,000 ETH loan to address Aave bad debt from Kelp exploit
- [CYBER] Mantle proposes up to 30,000 ETH loan to address Aave bad debt from Kelp exploit - The Block
- [CYBER] CVE-2026-1952 - Denial of service via the undocumented subfunction in AS320T
- [CYBER] CVE-2026-1951 - No checking of the length of the buffer with the directory name in AS320T
- [CYBER] CVE-2026-1950 - No checking of the length of the buffer with the file name in AS320T
- [CYBER] Python Vulnerability Enables Out-of-Bounds Write on Windows