An unquoted service path vulnerability in the FortiSIEM Windows Agent component may allow an attacker to gain elevated privileges via the AoWinAgt executable service path.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HFortinet Fortisiem Windows Agent
APPFortinet≤ 3.1.2
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
Related vulnerabilities
CVE-2026-35616CRITICAL9.8⚠ KEVPL ✓ten sam vendor
Fortinet FortiClientEMS — nieuwierzytelnione wykonanie kodu (Auth Bypass)
CVE-2026-21643CRITICAL9.8⚠ KEVPL ✓ten sam vendor
SQL Injection w Fortinet FortiClientEMS — nieautoryzowane wykonanie kodu
CVE-2026-24858CRITICAL9.8⚠ KEVPL ✓ten sam vendor
Fortinet – Auth Bypass przez FortiCloud SSO w wielu produktach
CVE-2025-59718CRITICAL9.8⚠ KEVPL ✓ten sam vendor
Fortinet FortiOS/FortiProxy/FortiSwitchManager — Auth Bypass przez SAML
CVE-2025-64446CRITICAL9.8⚠ KEVPL ✓ten sam vendor
Path Traversal w Fortinet FortiWeb umożliwiający zdalne wykonanie poleceń