CVE-2026-40688 MEDIUM

CVE-2026-40688

Vendor Fortinet

Product FortiWeb

Weakness CWE-787

Published April 14, 2026

Last update April 16, 2026

View on NVD All CVEs

CVSS base score

6.7/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

What the vulnerability does

01Description

An out-of-bounds write vulnerability [CWE-787] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow a remote privileged attacker to execute arbitrary code or command via crafted HTTP requests.

Key dates

02Disclosure timeline

April 14, 2026 CVE published

April 16, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-40688 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/787.html

Related vulnerabilities

Identifiers

CVE CVE-2026-40688

CWE CWE-787

CVSS 6.7 / MEDIUM

Affected versions

Vendor Fortinet

Product FortiWeb

Affected ≥ 8.0.0 and ≤ 8.0.3

Vendor Fortinet

Product FortiWeb

Affected ≥ 7.6.0 and ≤ 7.6.6

Vendor Fortinet

Product FortiWeb

Affected ≥ 7.4.0 and ≤ 7.4.11

CVE-2026-40688

01Description

02Disclosure timeline

03References

04Related CVE