CVE-2026-24641

{"id": "CVE-2026-24641", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@fortinet.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2026-03-10T18:18:28.687", "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-089", "tags": ["Vendor Advisory"], "source": "psirt@fortinet.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@fortinet.com", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "A NULL Pointer Dereference vulnerability [CWE-476] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an authenticated attacker to crash the HTTP daemon via crafted HTTP requests."}, {"lang": "es", "value": "Una vulnerabilidad de desreferencia de puntero nulo [CWE-476] vulnerabilidad en Fortinet FortiWeb 8.0.0 hasta 8.0.2, FortiWeb 7.6.0 hasta 7.6.6, FortiWeb 7.4 todas las versiones, FortiWeb 7.2 todas las versiones, FortiWeb 7.0 todas las versiones puede permitir a un atacante autenticado bloquear el demonio HTTP a trav\u00e9s de solicitudes HTTP manipuladas."}], "lastModified": "2026-03-12T20:10:46.500", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "855290C3-8CE4-46F5-8698-25D492328FDF", "versionEndExcluding": "7.6.7", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C82F9CC0-7683-4CDE-8370-153400605B55", "versionEndExcluding": "8.0.3", "versionStartIncluding": "8.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@fortinet.com"}