CVE-2026-22627 HIGH

Vendor Fortinet
Product FortiSwitchAXFixed
Weakness CWE-120
Published March 10, 2026
Last update March 12, 2026

CVSS base score

7.7/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

What the vulnerability does

01 Description

A buffer copy without checking size of input ('classic buffer overflow') vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may allow an unauthenticated attacker on the same adjacent network to execute unauthorized code or commands on the device by sending a crafted LLDP packet.

Key dates

02 Disclosure timeline

March 10, 2026 CVE published
March 12, 2026 Record updated