1,125 CVEs

26 in CISA KEV

Fortinet Vulnerabilities

CVE security advisories and vulnerability history for Fortinet.

1,125

Total CVEs

Published

26

In CISA KEV

Exploited in the wild

65

Public exploits

With known exploit

6.2

Avg CVSS

2005–2026

Overview

Fortinet has 1,125 published CVE records since 2005, of which 26 are in CISA's Known Exploited Vulnerabilities catalog and 65 have a known public exploit. The average CVSS base score across scored CVEs is 6.2.

This page aggregates every publicly disclosed vulnerability (CVE) affecting Fortinet products, with severity breakdowns, the most-affected products, the most common weakness types, and the latest disclosures.

Severity and exploitation

How the CVSS severity of Fortinet's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical59

High244

Medium477

Low93

252 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

26

26 of Fortinet's CVEs are confirmed exploited in the wild.

Public exploits

65

65 of Fortinet's CVEs have a known public exploit available.

Most affected products

The Fortinet products with the most published CVEs.

FortiOS272 CVEs
FortiWeb125 CVEs
FortiProxy122 CVEs
FortiManager118 CVEs
FortiAnalyzer95 CVEs
forticlient88 CVEs
FortiSandbox59 CVEs
Fortinet FortiOS50 CVEs

Common weakness types

The CWE weakness categories most often found in Fortinet CVEs. Follow any weakness for its full explanation.

CNAs that assign these CVEs

The CVE Numbering Authorities that publish Fortinet CVE records.

Disclosure activity by year

How many Fortinet CVEs were published each year.

2019

45

2020

51

2021

126

2022

106

2023

198

2024

122

2025

237

2026

78

Latest Fortinet CVEs

The most recently disclosed vulnerabilities affecting Fortinet.

Medium vulnerability · 2026-05-12
CWE-78
Medium · CVSS 6.5
EPSS 0.0%2026-05-12
Medium vulnerability · 2026-05-12
CWE-78
Medium · CVSS 6.1
EPSS 0.0%2026-05-12
Medium vulnerability · 2026-05-12
CWE-676
Medium · CVSS 5.2
EPSS 0.1%2026-05-12
Medium vulnerability · 2026-05-12
CWE-89
Medium · CVSS 6.3
EPSS 0.0%2026-05-12
Medium vulnerability · 2026-05-12
CWE-88
Medium · CVSS 4.0
EPSS 0.0%2026-05-12
High vulnerability · 2026-05-12
CWE-787
High · CVSS 8.3
EPSS 0.0%2026-05-12
Medium vulnerability · 2026-05-12
CWE-926
Medium · CVSS 5.0
EPSS 0.0%2026-05-12
Low vulnerability · 2026-05-12
CWE-321
Low · CVSS 2.1
EPSS 0.0%2026-05-12
Medium vulnerability · 2026-05-12
CWE-89
Medium · CVSS 5.1
EPSS 0.0%2026-05-12
Critical vulnerability · 2026-05-12
CWE-284
Critical · CVSS 9.1
EPSS 0.1%2026-05-12
Critical vulnerability · 2026-05-12
CWE-862
Critical · CVSS 9.1
EPSS 0.1%2026-05-12
Medium vulnerability · 2026-04-14
CWE-787
Medium · CVSS 6.7
EPSS 0.1%2026-04-14

Track new Fortinet CVEs as they are disclosed and get AI-written analysis and remediation guidance.

Monitor Fortinet CVEs

Other vendors

Browse vulnerabilities for other tracked vendors.

mysql1,132 CVEs PHPGurukul1,111 CVEs jenkinsci1,107 CVEs drupal1,100 CVEs juniper1,082 CVEs D-Link1,068 CVEs mediatek1,040 CVEs vmware1,036 CVEs

Browse all vendors

Frequently asked questions

Common questions about Fortinet vulnerabilities.

How many CVEs does Fortinet have?

Fortinet has 1,125 published CVE records since 2005, including 315 in the last two years.

How many Fortinet CVEs are in CISA KEV?

Yes — 26 of Fortinet's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.

Which Fortinet products have the most CVEs?

The Fortinet products with the most published CVEs are FortiOS, FortiWeb, FortiProxy, FortiManager, FortiAnalyzer.

What are the most common weakness types in Fortinet CVEs?

Fortinet's CVEs most often map to these CWE weakness types: CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')), CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')), CWE-284 (Improper Access Control).

Are there public exploits for Fortinet vulnerabilities?

Yes — 65 of Fortinet's CVEs have a known public exploit.

How many critical Fortinet vulnerabilities are there?

Fortinet has 59 critical and 244 high-severity CVEs.

What is the average severity of Fortinet CVEs?

The average CVSS base score across Fortinet's scored CVEs is 6.2.

References

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track Fortinet vulnerabilities

Monitor new Fortinet vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing