An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiAP-C console 5.4.0 through 5.4.3, 5.2.0 through 5.2.1 may allow an authenticated attacker to execute unauthorized commands by running CLI commands with specifically crafted arguments.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HFortinet Fortiap C
APPFortinet5.2.05.2.15.4.05.4.15.4.25.4.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Command Injection
CWE
Related vulnerabilities
CVE-2023-25608MEDIUM5.5ten sam produkt
An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command li...
CVE-2026-35616CRITICAL9.8⚠ KEVPL ✓ten sam vendor
Fortinet FortiClientEMS — nieuwierzytelnione wykonanie kodu (Auth Bypass)
CVE-2026-21643CRITICAL9.8⚠ KEVPL ✓ten sam vendor
SQL Injection w Fortinet FortiClientEMS — nieautoryzowane wykonanie kodu
CVE-2026-24858CRITICAL9.8⚠ KEVPL ✓ten sam vendor
Fortinet – Auth Bypass przez FortiCloud SSO w wielu produktach
CVE-2025-59718CRITICAL9.8⚠ KEVPL ✓ten sam vendor
Fortinet FortiOS/FortiProxy/FortiSwitchManager — Auth Bypass przez SAML