CVE-2026-23573
Undergoing Analysis Undergoing Analysis - In Progress

Cross-Site Scripting in Fortinet FortiOS and FortiProxy

Vulnerability report for CVE-2026-23573, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-14

Last updated on: 2026-07-14

Assigner: Fortinet, Inc.

Description

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.6, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiPAM 1.8.0, FortiPAM 1.7 all versions, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 through 7.4.3, FortiProxy 7.2.0 through 7.2.9 may allow an authenticated remote user to execute code or commands via crafted requests.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-14
Last Modified
2026-07-14
Generated
2026-07-14
AI Q&A
2026-07-14
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 17 associated CPEs
Vendor Product Version / Range
fortinet fortios 7.6.0
fortinet fortios to 7.6.6 (inc)
fortinet fortios 7.4
fortinet fortios 7.2
fortinet fortipam 1.8.0
fortinet fortipam 1.7
fortinet fortipam 1.6
fortinet fortipam 1.5
fortinet fortipam 1.4
fortinet fortipam 1.3
fortinet fortipam 1.2
fortinet fortipam 1.1
fortinet fortipam 1.0
fortinet fortiproxy 7.4.0
fortinet fortiproxy to 7.4.3 (inc)
fortinet fortiproxy 7.2.0
fortinet fortiproxy to 7.2.9 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a type of Cross-site Scripting (XSS) flaw, specifically categorized as CWE-79: Improper Neutralization of Input During Web Page Generation. It affects multiple Fortinet products, including FortiOS, FortiPAM, and FortiProxy.

An authenticated remote user can exploit this vulnerability by sending crafted requests to the affected system. Successful exploitation may allow the attacker to execute arbitrary code or commands on the vulnerable system.

  • Affected versions include FortiOS 7.6.0 through 7.6.6, all versions of FortiOS 7.4 and 7.2, and multiple versions of FortiPAM (1.0 through 1.8.0).
  • FortiProxy versions 7.4.0 through 7.4.3 and 7.2.0 through 7.2.9 are also affected.
Impact Analysis

If you are using any of the affected Fortinet products, this vulnerability could have several impacts on your systems and data.

  • An authenticated remote attacker could execute malicious code or commands on your system, potentially leading to unauthorized access or control.
  • The attacker could steal sensitive information, such as session cookies or credentials, by injecting malicious scripts into web pages.
  • This could result in data breaches, unauthorized modifications to system configurations, or disruption of services.
  • The CVSS base score of 6.1 indicates a medium severity, with potential impacts on confidentiality and integrity but no direct impact on availability.
Compliance Impact

This vulnerability could have implications for compliance with various standards and regulations, depending on the nature of the data and systems involved.

  • GDPR: If the affected systems process personal data of EU citizens, a successful exploit could lead to unauthorized access or disclosure of personal data. This may violate GDPR requirements for data protection and could result in fines or legal action.
  • HIPAA: For organizations handling protected health information (PHI), this vulnerability could lead to unauthorized access to sensitive patient data. This may constitute a breach under HIPAA, requiring notification and potentially resulting in penalties.
  • Other standards like PCI DSS (for payment card data) or industry-specific regulations may also be impacted if the affected systems handle sensitive or regulated data.

Organizations should assess their exposure and take remediation steps to avoid non-compliance and potential legal or financial consequences.

Detection Guidance

Detection of this Cross-site Scripting (XSS) vulnerability in Fortinet products (FortiOS, FortiPAM, FortiProxy) typically involves checking for signs of exploitation or vulnerable versions running on your network.

  • Identify vulnerable versions of Fortinet products in your environment. The affected versions are:
  • FortiOS: 7.6.0 through 7.6.6, all versions of 7.4, and all versions of 7.2.
  • FortiPAM: All versions from 1.0 through 1.8.0.
  • FortiProxy: 7.4.0 through 7.4.3 and 7.2.0 through 7.2.9.

You can use the following methods to detect vulnerable systems:

  • Check the version of Fortinet products via their web interface or CLI. For example, on FortiOS, use the command: get system status.
  • Use network scanning tools to identify Fortinet devices and their versions. Tools like Nmap can help with version detection.
  • Example Nmap command for version detection: nmap -sV --script=http-fortinet-version <target_IP>.
  • Monitor network traffic for suspicious requests that match the crafted input described in the vulnerability. This may require analyzing logs or using intrusion detection systems (IDS).

Since this is an authenticated vulnerability, ensure that logs are reviewed for unusual activity by authenticated users, such as unexpected script injections in web requests.

Mitigation Strategies

To mitigate this vulnerability, follow these immediate steps:

  • Upgrade affected Fortinet products to the latest patched versions as soon as they are available. Refer to Fortinet's official security advisories for the fixed versions.
  • If upgrading is not immediately possible, apply workarounds or mitigations provided by Fortinet. This may include disabling vulnerable features or restricting access to the affected interfaces.
  • Restrict access to the management interfaces of Fortinet devices to trusted networks and users only. Use firewall rules or network segmentation to limit exposure.
  • Enable logging and monitoring for suspicious activity, particularly for authenticated users attempting to inject malicious scripts or commands.
  • Review and audit user accounts with access to the affected systems to ensure only authorized personnel have access.
  • Consider implementing a Web Application Firewall (WAF) to block XSS attacks targeting the vulnerable systems.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23573. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart