CVE-2021-41026

CVSS 6.5 MEDIUMEPSS 0.9%

A relative path traversal in FortiWeb versions 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C

Affected products

Fortinet · Fortinet FortiWeb

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://fortiguard.com/advisory/FG-IR-21-156