FORTINET Security Advisory
Published Date: May 12, 2026
Advisory Summary
Fortinet has disclosed a critical OS command injection vulnerability (CWE-78) impacting the CLI interface of FortiAP and FortiAP-W2 access points. With a CVSSv3 score of 6.5, this flaw allows authenticated attackers to execute unauthorized system commands by leveraging a specially crafted CLI input. This presents a significant security risk, potentially enabling control over affected devices and compromising network integrity.
IT security teams using FortiAP devices should prioritize applying the latest patches or mitigation measures released by Fortinet to prevent exploitation. Continuous monitoring and restricting CLI access to trusted administrators is recommended as an additional safeguard.
Proactive response to such vulnerabilities is vital to maintain secure, resilient wireless infrastructure in enterprise environments.
Reference: Vendor Advisory