{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24017", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2026-01-20T11:13:10.548Z", "datePublished": "2026-03-10T16:44:19.746Z", "dateUpdated": "2026-03-10T17:41:32.299Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiWeb", "cpes": ["cpe:2.3:a:fortinet:fortiweb:8.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:8.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.0.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "8.0.0", "lessThanOrEqual": "8.0.2", "status": "affected"}, {"versionType": "semver", "version": "7.6.0", "lessThanOrEqual": "7.6.5", "status": "affected"}, {"versionType": "semver", "version": "7.4.0", "lessThanOrEqual": "7.4.10", "status": "affected"}, {"versionType": "semver", "version": "7.2.0", "lessThanOrEqual": "7.2.11", "status": "affected"}, {"versionType": "semver", "version": "7.0.0", "lessThanOrEqual": "7.0.11", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "An Improper Control of Interaction Frequency vulnerability [CWE-799] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to bypass the authentication rate-limit via crafted requests. The success of the attack depends on the attacker's resources and the password target complexity."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2026-03-10T16:44:19.746Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-799", "description": "Improper access control", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C"}}], "solutions": [{"lang": "en", "value": "Upgrade to FortiWeb version 8.0.3 or above\nUpgrade to FortiWeb version 7.6.6 or above\nUpgrade to FortiWeb version 7.4.11 or above\nUpgrade to FortiWeb version 7.2.12 or above\nUpgrade to FortiWeb version 7.0.12 or above"}], "references": [{"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-082", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-082"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24017", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-10T17:30:50.895908Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-10T17:41:32.299Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24017", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-10T17:30:50.895908Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-10T17:34:25.434Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:2.3:a:fortinet:fortiweb:8.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:8.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiweb:7.0.0:*:*:*:*:*:*:*"], "vendor": "Fortinet", "product": "FortiWeb", "versions": [{"status": "affected", "version": "8.0.0", "versionType": "semver", "lessThanOrEqual": "8.0.2"}, {"status": "affected", "version": "7.6.0", "versionType": "semver", "lessThanOrEqual": "7.6.5"}, {"status": "affected", "version": "7.4.0", "versionType": "semver", "lessThanOrEqual": "7.4.10"}, {"status": "affected", "version": "7.2.0", "versionType": "semver", "lessThanOrEqual": "7.2.11"}, {"status": "affected", "version": "7.0.0", "versionType": "semver", "lessThanOrEqual": "7.0.11"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to FortiWeb version 8.0.3 or above\nUpgrade to FortiWeb version 7.6.6 or above\nUpgrade to FortiWeb version 7.4.11 or above\nUpgrade to FortiWeb version 7.2.12 or above\nUpgrade to FortiWeb version 7.0.12 or above"}], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-082", "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-082"}], "descriptions": [{"lang": "en", "value": "An Improper Control of Interaction Frequency vulnerability [CWE-799] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to bypass the authentication rate-limit via crafted requests. The success of the attack depends on the attacker's resources and the password target complexity."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-799", "description": "Improper access control"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2026-03-10T16:44:19.746Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24017", "state": "PUBLISHED", "dateUpdated": "2026-03-10T17:41:32.299Z", "dateReserved": "2026-01-20T11:13:10.548Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2026-03-10T16:44:19.746Z", "assignerShortName": "fortinet"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An Improper Control of Interaction Frequency vulnerability [CWE-799] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to bypass the authentication rate-limit via crafted requests. The success of the attack depends on the attacker's resources and the password target complexity."}], "id": "CVE-2026-24017", "lastModified": "2026-03-10T18:18:17.400", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "psirt@fortinet.com", "type": "Secondary"}]}, "published": "2026-03-10T18:18:17.400", "references": [{"source": "psirt@fortinet.com", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-082"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-799"}], "source": "psirt@fortinet.com", "type": "Primary"}]}

{}

{}