CVE-2026-30897
Received
Received - Intake
Stack-Based Buffer Overflow in Fortinet FortiWeb Enables RCE
Publication date: 2026-03-10
Last updated on: 2026-03-12
Assigner: Fortinet, Inc.
Description
Description
A stack-based buffer overflow vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote authenticated attacker who can bypass stack protection and ASLR to execute arbitrary code or commands via crafted HTTP requests.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fortinet | fortiweb | From 7.0.0 (inc) to 7.4.12 (exc) |
| fortinet | fortiweb | From 7.6.0 (inc) to 7.6.7 (exc) |
| fortinet | fortiweb | From 8.0.0 (inc) to 8.0.4 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
