FORTINET Security Advisory

Published Date: May 12, 2026

Advisory Summary

Fortinet has disclosed a vulnerability with a CVSSv3 score of 4.0: an Improper Neutralization of Argument Delimiters in a Command, classified as Argument Injection (CWE-88). The issue affects the FortiDeceptor administrative web interface and could allow an authenticated attacker, even one with only read-only administrative privileges, to read log files by sending specially crafted HTTP requests.

While the impact severity is moderate, exposure of sensitive log information could help attackers gain insight into system activities and potentially facilitate further attacks.

Recommended Action: Administrators should review and apply any available patches or mitigations released by Fortinet promptly. Monitoring access to administrative interfaces and limiting permissions can reduce risk exposure.

This vulnerability highlights the necessity of thorough input validation and access control enforcement in management interfaces of security products.
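
A general illustration of the argument-injection class (CWE-88) and of the input validation mentioned above, added here as an example. It is not FortiDeceptor code and does not describe the actual flaw; the `tail`-based log viewer, function names, paths and limits are assumptions.

```python
# Added illustration of CWE-88 (argument injection) in a log-viewer handler.
# Hypothetical code: the names, paths and limits below are assumptions.
import re

LOG_DIR = "/var/log/app"                      # constructed path
ALLOWED_LOGS = {"system": "system.log", "events": "events.log"}
MAX_LINES = 1000


def build_argv_unsafe(log_name, lines):
    """'Before': request values are placed directly in argv. No shell is
    involved, yet a value beginning with '-' is parsed as an option."""
    return ["tail", "-n", lines, log_name]


def build_argv_safe(log_name, lines):
    """'After': allowlist the file, force the count to a bounded integer,
    and end option parsing with '--' before the operand."""
    if log_name not in ALLOWED_LOGS:
        raise ValueError("unknown log name")
    if not re.fullmatch(r"[0-9]{1,6}", lines):
        raise ValueError("lines must be a non-negative integer")
    count = min(int(lines), MAX_LINES)
    return ["tail", "-n", str(count), "--", f"{LOG_DIR}/{ALLOWED_LOGS[log_name]}"]


def injected_options(argv, intended=("-n",)):
    """Return argv items the program would parse as options although the
    caller never intended them (anything starting with '-' before '--')."""
    found = []
    for arg in argv[1:]:
        if arg == "--":
            break
        if arg.startswith("-") and arg not in intended:
            found.append(arg)
    return found


if __name__ == "__main__":
    bad = "--constructed-option"              # constructed input
    print(injected_options(build_argv_unsafe(bad, "10")))
    print(injected_options(build_argv_safe("system", "10")))
    try:
        build_argv_safe(bad, "10")
    except ValueError as exc:
        print("rejected:", exc)
```

Avoiding a shell does not prevent this class of bug; the allowlist and the `--` terminator are what keep request data out of option parsing.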

Reference: Vendor Advisory