CVE-2026-24641
Received
Received - Intake
NULL Pointer Dereference in Fortinet FortiWeb Causes HTTP Daemon Crash
Vulnerability report for CVE-2026-24641, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-03-10
Last updated on: 2026-03-12
Assigner: Fortinet, Inc.
Description
Description
A NULL Pointer Dereference vulnerability [CWE-476] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an authenticated attacker to crash the HTTP daemon via crafted HTTP requests.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fortinet | fortiweb | From 8.0.0 (inc) to 8.0.3 (exc) |
| fortinet | fortiweb | From 7.0.0 (inc) to 7.6.7 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |