CVE-2026-24018 Fortinet — Exploit & Vulnerability Details HIGH

CVE-2026-24018

HIGH CVSS 3.1: 7.8 EPSS 0.02%

Parameter	Value
CVSS	7.8 (HIGH)
Affected Versions	7.2.2 — 7.4.5
Fixed In	7.2.13
Type	CWE-61 (UNIX Symlink Following)
Vendor	Fortinet
Public PoC	No

A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4, FortiClientLinux 7.2.2 through 7.2.12 may allow a local and unprivileged user to escalate their privileges to root.

Attack Parameters

Attack Vector

Local

Requires local access

Attack Complexity

Low

Easy to exploit

Privileges Required

Low

Basic privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

High

Complete data modification

Availability

High

Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-61 UNIX Symlink Following

Vulnerable Products 2

Configuration	From (including)	Up to (excluding)
Fortinet Forticlient cpe:2.3:a:fortinet:forticlient::::::linux::*	`7.2.2`	`7.2.13`
Fortinet Forticlient cpe:2.3:a:fortinet:forticlient::::::linux::*	`7.4.0`	`7.4.5`

References 1

https://fortiguard.fortinet.com/psirt/FG-IR-26-083

psirt@fortinet.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-25836

Fortinet

7.2

CVE-2026-25689

Fortinet

6.5

CVE-2026-22572

Fortinet

7.2

CVE-2025-68648

Fortinet

7.2

CVE-2026-24858

Fortinet

9.8

Menu

CVE-2026-24018

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

Vulnerable Products 2

References 1

Related Vulnerabilities

CVE-2026-25836

CVE-2026-25689

CVE-2026-22572

CVE-2025-68648

CVE-2026-24858

CVE Details

Editor's Choice

Menu

CVE-2026-24018

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

Vulnerable Products 2

References 1

Related Vulnerabilities

CVE-2026-25836

CVE-2026-25689

CVE-2026-22572

CVE-2025-68648

CVE-2026-24858

CVE Details

Editor's Choice

Stay informed on cybersecurity