FORTINET Security Advisory
Published Date: June 9, 2026
Advisory Summary
A significant security concern has been identified in Fortinet’s FortiOS and FortiProxy platforms involving an Internal Asset exposed to an Unsafe Debug Access Level or State (CWE-1244). This vulnerability permits an authenticated administrator to execute Lua scripts through specifically crafted CLI commands, potentially leading to unauthorized actions within the system.
The CVSSv3 base score for this vulnerability is rated at 6.0, indicating a medium severity level that warrants prompt attention from IT and security teams using Fortinet infrastructure.
- Affects FortiOS and FortiProxy devices.
- Exploitation requires authenticated admin access.
- Involves execution of Lua scripts via the CLI.
- Immediate patching or mitigation recommended to prevent misuse.
Given the nature of CLI access and scripting capabilities, attackers or insiders exploiting this flaw could manipulate device behavior in a way that bypasses normal security controls, emphasizing the need for strict access management and updated firmware.
IT professionals managing Fortinet equipment should review the latest security advisories and apply fixes as per Fortinet’s guidance to safeguard their network infrastructure effectively.
Reference: Vendor Advisory