PSIRT | FortiGuard Labs
API authentication and authorization bypass
| Version | Affected | Solution |
|---|---|---|
| FortiClientEMS 7.4 | 7.4.5 through 7.4.6 | Upgrade to upcoming 7.4.7 or above |
| FortiClientEMS 7.2 | Not affected | Not Applicable |
Fortinet remediated this issue in FortiClient Cloud and hence customers do not need to perform any action.
Fortinet remediated this issue in FortiSASE and hence customers do not need to perform any action.
Acknowledgement
Fortinet is pleased to thank Simo Kohonen from Defused and Nguyen Duc Anh for reporting this vulnerability under responsible disclosure.
Timeline
2026-04-04: Initial publication