Back to search

Fortinet

FortiOS

Operating system for Fortinet FortiGate firewalls and related security appliances.

7.6 Current train 7.4 Switch to this train 7.2 Switch to this train 7.0 EOL Switch to this train 6.4 EOL Switch to this train
Current version
Last checked: yesterday

7.6.6

Release date
March 10, 2026
CVE status
3 visible CVEs

Source

Vendor Release Information

Public release notes are linked for the latest stored release.

View release notes Subscribe to updates

Release history

See the latest published releases stored for this product.

Version Published Notes
7.6.6 2026-03-10 Release Notes

Vulnerability tracking

Review curated CVEs for this product and see whether the current version is marked affected. Only CVEs with a CVSS score of 7.0 or higher and published in the last 90 days are shown.

CVE Severity Published Status Summary
CVE-2026-22153 HIGH (8.1) 2026-02-10 Current versionnot affected

An Authentication Bypass by Primary Weakness vulnerability [CWE-305] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4 may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, when the remote LDAP server is configured in a specific way.

Affected versions
  • From (including) 7.6.0 - Up to (excluding) 7.6.5
CVE-2025-64157 HIGH (7.2) 2026-02-10 Current versionnot affected

A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0 all versions allows an authenticated admin to execute unauthorized code or commands via specifically crafted configuration.

Affected versions
  • From (including) 7.0.0 - Up to (excluding) 7.4.10
  • From (including) 7.6.0 - Up to (excluding) 7.6.5
CVE-2026-24858 CRITICAL (9.8) 2026-01-27 Current versionnot affected

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.12, FortiProxy 7.2.0 through 7.2.15, FortiProxy 7.0.0 through 7.0.22, FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.

Affected versions
  • From (including) 7.0.0 - Up to (including) 7.0.18
  • From (including) 7.2.0 - Up to (including) 7.2.12
Show 2 more
  • From (including) 7.4.0 - Up to (excluding) 7.4.11
  • From (including) 7.6.0 - Up to (excluding) 7.6.6