FortiOS and FortiSwitchManager Vulnerability Let Remote Attackers Execute Arbitrary Code
FortiOS and FortiSwitchManager Vulnerability Let Remote Attackers Execute Arbitrary Code
https://cybersecuritynews.com/fortios-and-fortiswitchmanager-vulnerability/
Publish Date: 2026-01-13 11:57:00
Source Domain: cybersecuritynews.com
Using an unordered list, summarize the following article with between 4 and 8 key points.
Fortinet has disclosed a critical heap-based buffer overflow vulnerability (CWE-122) in the cw_acd daemon of FortiOS and FortiSwitchManager.
This flaw enables a remote, unauthenticated attacker to execute arbitrary code or commands by sending specially crafted requests over the network.
Organizations relying on Fortinet’s firewalls, secure access service edge (SASE) solutions, and switch management tools face high risk, especially in environments with exposed fabric interfaces.
Discovered internally by Fortinet Product Security Team member Gwendal Guégniaud, the vulnerability was published on January 13, 2026. While no CVE identifier has been assigned yet, Fortinet urges immediate patching due to the risk of full-system compromise without authentication.
Multiple FortiOS branches, FortiSASE releases, and FortiSwitchManager versions are impacted. Administrators should verify their deployments and follow the recommended upgrade paths using Fortinet’s upgrade tool.
ProductAffected VersionsSolutionFortiOS 7.67.6.0 through 7.6.3Upgrade to 7.6.4 or aboveFortiOS 7.47.4.0 through 7.4.8Upgrade to 7.4.9 or aboveFortiOS 7.27.2.0 through 7.2.11Upgrade to 7.2.12 or aboveFortiOS 7.07.0.0 through 7.0.17Upgrade to 7.0.18 or aboveFortiOS 6.46.4.0 through 6.4.16Upgrade to 6.4.17 or aboveFortiSASE 25.225.2.bAlready remediated in 25.2.cFortiSASE 25.1.a25.1.a.2Migrate to fixed releaseFortiSASE 24.4–22Not affectedN/AFortiSwitchManager 7.27.2.0 through 7.2.6Upgrade to 7.2.7 or aboveFortiSwitchManager 7.07.0.0 through 7.0.5Upgrade to 7.0.6 or above
Workarounds
In the absence of patches, Fortinet recommends two mitigations. First, disable “fabric” access on interfaces:
textconfig system interface
edit “port1”
set allowaccess ssh https # Remove ‘fabric’
next
end
Second, block CAPWAP-CONTROL traffic (UDP ports 5246-5249) via local-in policies, allowing only trusted sources. Define custom services, address groups, and policies to permit from approved IPs while denying others.
Fortinet advises prioritizing upgrades, monitoring logs for anomalous cw_acd activity, and segmenting management interfaces. This vulnerability underscores the ongoing need for vigilant patch management in enterprise networks.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
