Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
India Halts WhatsApp Usernames Rollout Due to Fraud Concerns
July 1, 2026
Critical Cursor IDE RCE Vulnerabilities Allow Zero-Click Prompt Injection
July 1, 2026
Automated Password Spray Attacks Target Microsoft Azure CLI
July 1, 2026
Home/CyberSecurity News/FortiOS and FortiSwitchManager Vulnerability Allows Remote Arbitrary Code Execution
CyberSecurity News

FortiOS and FortiSwitchManager Vulnerability Allows Remote Arbitrary Code Execution

Fortinet recently disclosed a critical heap-based buffer overflow vulnerability (CWE-122) affecting the cw_acd daemon in FortiOS and FortiSwitchManager. This flaw enables a remote, unauthenticated...

Sarah simpson
Sarah simpson
January 13, 2026 2 Min Read
31 0

Fortinet recently disclosed a critical heap-based buffer overflow vulnerability (CWE-122) affecting the cw_acd daemon in FortiOS and FortiSwitchManager.

This flaw enables a remote, unauthenticated attacker to execute arbitrary code or commands by sending specially crafted requests over the network.

Organizations relying on Fortinet’s firewalls, secure access service edge (SASE) solutions, and switch management tools face high risk, especially in environments with exposed fabric interfaces.

Discovered internally by Fortinet Product Security Team member Gwendal Guégniaud, the vulnerability was published on January 13, 2026. While no CVE identifier has been assigned yet, Fortinet urges immediate patching due to the risk of full-system compromise without authentication.

Affected Versions and Remediation

Multiple FortiOS branches, FortiSASE releases, and FortiSwitchManager versions are impacted. Administrators should verify their deployments and follow the recommended upgrade paths using Fortinet’s upgrade tool.

Product Affected Versions Solution
FortiOS 7.6 7.6.0 through 7.6.3 Upgrade to 7.6.4 or above
FortiOS 7.4 7.4.0 through 7.4.8 Upgrade to 7.4.9 or above
FortiOS 7.2 7.2.0 through 7.2.11 Upgrade to 7.2.12 or above
FortiOS 7.0 7.0.0 through 7.0.17 Upgrade to 7.0.18 or above
FortiOS 6.4 6.4.0 through 6.4.16 Upgrade to 6.4.17 or above
FortiSASE 25.2 25.2.b Already remediated in 25.2.c
FortiSASE 25.1.a 25.1.a.2 Migrate to fixed release
FortiSASE 24.4–22 Not affected N/A
FortiSwitchManager 7.2 7.2.0 through 7.2.6 Upgrade to 7.2.7 or above
FortiSwitchManager 7.0 7.0.0 through 7.0.5 Upgrade to 7.0.6 or above

Workarounds

In the absence of patches, Fortinet recommends two mitigations. First, disable “fabric” access on interfaces:

textconfig system interface
edit "port1"
set allowaccess ssh https  # Remove 'fabric'
next
end

Second, block CAPWAP-CONTROL traffic (UDP ports 5246-5249) via local-in policies, allowing only trusted sources. Define custom services, address groups, and policies to permit from approved IPs while denying others.

Fortinet advises prioritizing upgrades, monitoring logs for anomalous cw_acd activity, and segmenting management interfaces. This vulnerability underscores the ongoing need for vigilant patch management in enterprise networks.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackCVEPatchSecurityVulnerability

Share Article

Sarah simpson

Sarah simpson

Sarah is a cybersecurity journalist specializing in threat intelligence and malware analysis. With over 8 years of experience covering APT groups, zero-day exploits, and advanced persistent threats, Sarah brings deep technical expertise to breaking cybersecurity news. Previously, she worked as a security researcher at leading threat intelligence firms, where she analyzed malware samples and tracked cybercriminal operations. Sarah holds a Master's degree in Computer Science with a focus on cybersecurity and is a regular contributor to major security conferences.

Previous Post

8000+ SmarterMail Hosts Vulnerable to RCE Attack – PoC Exploit Released

Next Post

FortiSandbox SSRF Vulnerability Allow Attacker to proxy Internal Traffic via Crafted HTTP Requests

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Critical Fluentd Vulnerabilities Allow Remote Code Execution
July 1, 2026
Weaponized Google Ads Install Malicious Claude Code to Hijack macOS
July 1, 2026
Critical Adobe ColdFusion Vulnerabilities Let Attackers Run Code
July 1, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us