FortiWeb is a vulnerability tracked across 27 threat clusters and 82 intelligence report mentions on ThreatCluster. First observed November 13, 2025; most recent activity June 22, 2026.
A critical vulnerability in Fortinet's FortiWeb has been actively exploited to create unauthorized admin accounts. Organizations may have been unaware of the security patch that addressed this issue, leaving them…
A critical vulnerability in FortiWeb Web Application Firewall (WAF) has been actively exploited, allowing attackers to gain full administrative access to affected systems. Organizations using FortiWeb are at risk of…
Two vulnerabilities in FortiWeb have been identified, both exploited in the wild. The first, a relative path traversal vulnerability (CWE-23), allows unauthenticated attackers to execute administrative commands via…
GreyNoise Intelligence has released a report indicating that spikes in malicious activity often precede the disclosure of new vulnerabilities in edge devices. The study tracked 147.8 million sessions over 103 days,…
Fortinet reported two vulnerabilities affecting FortiOS, FortiManager, FortiAnalyzer, and FortiProxy related to FortiCloud SSO authentication. The first vulnerability, an Authentication Bypass (CWE-288), allows…
The Metasploit Framework has introduced a new exploit module specifically designed for recently disclosed zero-day vulnerabilities in Fortinet's FortiWeb Web Application Firewall. This update allows security…
CVE-2025-64756 identifies a command injection vulnerability in the glob CLI affecting versions 10.3.7 to 11.0.3. CVE-2025-64446 reveals a relative path traversal vulnerability in Fortinet FortiWeb versions 8.0.0 to…
More than 10,000 Fortinet firewalls remain exposed to a critical two-factor authentication bypass vulnerability (CVE-2020-12812) that has been actively exploited. This flaw, first disclosed in July 2020, continues to…
Fortinet has released security updates to address critical vulnerabilities (CVE-2025-59718 and CVE-2025-59719) affecting FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager products. Users and administrators are…
A critical path-traversal vulnerability (CVE-2025-64446) in Fortinet's FortiWeb web application firewall has been exploited by threat actors since early October 2025. This flaw allows unauthenticated attackers to create…