CVE-2026-22628 MEDIUM

CVE-2026-22628

Vendor Fortinet

Product FortiSwitchAXFixed

Weakness CWE-284

Published March 10, 2026

Last update March 10, 2026

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C

What the vulnerability does

01Description

An improper access control vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may allow an authenticated admin to execute system commands via a specifically crafted SSH config file.

Key dates

02Disclosure timeline

March 10, 2026 CVE published

March 10, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-22628

Related vulnerabilities

04Related CVE

CVE-2026-49822 Fission: Cross-namespace event leakage via KubernetesWatchTrigger allows persistent tenant surveillance CVE-2024-0965 Simple Page Access Restriction <= 1.0.21 - Improper Access Control to Sensitive Information Exposure via REST API CVE-2019-3567 CVE-2023-28808 CVE-2026-21629 Joomla! Core - [20260301] - ACL hardening in com_ajax